lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 02 Oct 2006 09:38:52 +0000 From: Michael Rasenberger <miraze@....de> To: Sam Ravnborg <sam@...nborg.org> CC: linux-kernel@...r.kernel.org Subject: Re: 2.6.18-mm1 violates sandbox feature on linux distribution -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello, maybe this helps: http://bugday.gentoo.org/sandbox.html. Basically the sandbox is a kind of security mechanism that prevents files from being created outside a specific directory during package installation phases (unpacking, compiling ..). If the package uses KBuild to make a kernel module the sandbox is triggered under 2.6.18-mm1 because of the temporary file creation in the kernel directory. Of course this feature can be bypassed (e.g. disable sandbox), but if there is a way to do these tests without file creation it would be much more consistent. Btw. is there a reason for creating the file? AFAICS there is not test performed on it? I have to admit that due to the nature of -mm of being a testbed this is not a critical issue. Michael Sam Ravnborg wrote: > On Wed, Sep 27, 2006 at 06:08:14PM +0000, Michael Rasenberger wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Hello, >> >> when building external kernel module on gentoo linux distribution, >> 2.6.18-mm1 violates gentoo's sandbox feature due to file creation in >> "as-instr" test in scripts/Kbuild.include. (AFAIK due to removal of >> revert-x86_64-mm-detect-cfi.patch) > > Can you point to to some description of this sandbox feature. > The error you point out looks pretty generic and should happen > in several places - so I need to understand what problem I shall > fix before trying to fix it. > > The point is that we have other places where we create temporary files > so this should not be the only issue. > > Sam -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFIN4sC0GEtIi2MlcRAvrwAJ9fXuyfdd6DlpHlzZf0ndKC3WCFmQCfQ3to E5BMlencOsGm/KMYADYp91A= =n6sF -----END PGP SIGNATURE----- - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists