On 31.1.2019 at 13:26 Mark Brown wrote:
> On Thu, Jan 31, 2019 at 09:08:04AM +0100, Takashi Iwai wrote:
> > Mark Brown wrote:
> > > anything O_APPEND based. My understanding is that this is fundamentally a risk mitigation thing - by not having any of the sound kernel interfaces available to the applications affected there's no possibility that any problems in the sound code can cause security issues.
> > The patch 2 implements exactly that kind of access restriction, so that the passed fd won't do anything else than wished.
> Yeah.
> > If we want to be super-conservative, the implementation could be even simpler -- instead of filtering, we may pass a minimum fd ops that contains only mmap and release for the anon-dup fd...
> I think that'd definitely help address the concerns.
A possible implementation:
http://git.alsa-project.org/?p=alsa-kernel.git;a=commitdiff;h=ca15bc69a984cc...
Jaroslav