| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 19 Sep 2006 00:09:43 -0400 From: Joshua Brindle <method@...too.org> To: casey@...aufler-ca.com CC: David Madore <david.madore@....fr>, Linux Kernel mailing-list <linux-kernel@...r.kernel.org>, LSM mailing-list <linux-security-module@...r.kernel.org> Subject: Re: [PATCH 3/4] security: capabilities patch (version 0.4.4), part 3/4: introduce new capabilities Casey Schaufler wrote: > --- Joshua Brindle <method@...too.org> wrote: > >>> The first system I took through evaluation >>> (that is, independent 3rd party analysis) stored >>> security attributes in a file while the second >>> and third systems attached the attributes >>> directly (XFS). The 1st evaluation required >>> 5 years, the 2nd 1 year. It is possible that >>> I just got a lot smarter with age, but I >>> ascribe a significant amount of the improvement >>> to the direct association of the attributes >>> to the file. >>> >> Thats great but entirely irrelevant in this context. >> The patch and caps >> in question are not attached to the file via some >> externally observable >> property (eg., xattr) but instead are embedded in >> the source code so >> that it can drop caps at certain points during the >> execution or before >> executing another app, thus unanalyzable. >> > > Oh that. Sure, we used capability bracketing > in the code, too. That makes it easy to > determine when a capability is active. What, > you don't think that it's possible to analyze > source code? Of course it is. Refer to the > evaluation reports if you don't believe me. > > When I see an analysis of every line of source code on an average Linux machine then I might believe you (if you'll grant that no software can ever be installed on it afterward without being analyzed) but until then I'll stick with a centralized policy. I doubt many others will be satisfied with that limitation. Bracketing hardly makes it analyzable, how can you possibly know if the bracketing happened? You *believe* it will and therefore you say that the bracketed code is safe but in reality this is a discretionary mechanism and you have zero assurance that there is any security whatsoever, no thanks, I'll pass. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists