| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 14 Jul 2006 12:05:23 -0500 From: "Serge E. Hallyn" <serue@...ibm.com> To: "Eric W. Biederman" <ebiederm@...ssion.com> Cc: "Serge E. Hallyn" <serue@...ibm.com>, Dave Hansen <haveblue@...ibm.com>, Cedric Le Goater <clg@...ibm.com>, linux-kernel@...r.kernel.org, Andrew Morton <akpm@...l.org>, Kirill Korotaev <dev@...nvz.org>, Andrey Savochkin <saw@...ru>, Herbert Poetzl <herbert@...hfloor.at>, Sam Vilain <sam.vilain@...alyst.net.nz> Subject: Re: [PATCH -mm 5/7] add user namespace Quoting Eric W. Biederman (ebiederm@...ssion.com): > "Serge E. Hallyn" <serue@...ibm.com> writes: > > > Quoting Eric W. Biederman (ebiederm@...ssion.com): > >> Dave Hansen <haveblue@...ibm.com> writes: > >> > >> > On Thu, 2006-07-13 at 21:45 -0600, Eric W. Biederman wrote: > >> >> I think for filesystems like /proc and /sys that there will normally > >> >> be problems. However many of those problems can be rationalized away > >> >> as a reasonable optimization, or are not immediately apparent. > >> > > >> > Could you talk about some of these problems? > >> > >> Already mentioned but. rw permissions on sensitive files are for > >> uid == 0. No capability checks are performed. > > > > As Herbert (IIRC) pointed out that could/should be fixed. > > Capabilities have always fitted badly in with the normal unix > permissions. Well they're not supposed to fit in. If we keep permchecks as uid==0 on files which invoke kernel callbacks, then we can only say once what root is allowed to do. If we make them capability checks, then for differnet uses of namespaces we can have them do different things. For instance if we're making a separate user namespace for a checkpoint/restart purpose, we might want root to retain more privs than if we're making a vserver. Look I just have to keep responding because you keep provoking :), but I'm looking at other code and don't even know which entries we're talking about. If when I get to looking at them I find they really should be done by capabilities, I'll submit a patch and we can argue then. > So if we have a solution that works nicely with normal > unix permissions we will have a nice general solution, that is > easy for people to understand. > > What I am talking about is making a small tweak to the permission > checking as below. Why do you keep avoiding even considering it? Not only don't I avoid considering it, I thought I'd even suggested it a while ago :) It sounds good to me. -serge - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists