31 Jan 2019, 1:26 p.m.
On Thu, Jan 31, 2019 at 09:08:04AM +0100, Takashi Iwai wrote:
> Mark Brown wrote:
> > anything O_APPEND based. My understanding is that this is fundamentally a risk mitigation thing - by not having any of the sound kernel interfaces available to the applications affected there's no possibility that any problems in the sound code can cause security issues.
> Patch 2 implements exactly that kind of access restriction, so that the passed fd won't do anything else than wished.

Yeah.

> If we want to be super-conservative, the implementation could be even simpler -- instead of filtering, we may pass a minimum fd ops that contains only mmap and release for the anon-dup fd...

I think that'd definitely help address the concerns.