| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 28 Aug 2008 17:35:04 -0700 From: "Andrew G. Morgan" <morgan@...nel.org> To: Serge Hallyn <serue@...ibm.com> CC: linux-kernel@...r.kernel.org, dhowells@...hat.com, agruen@...e.de Subject: Re: [PATCH 1/2] file capabilities: add no_file_caps switch (v2) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Acked-by: Andrew G. Morgan <morgan@...nel.org> Cheers Andrew Serge Hallyn wrote: | Add a no_file_caps boot option when file capabilities are | compiled into the kernel (CONFIG_SECURITY_FILE_CAPABILITIES=y). | | This allows distributions to ship a kernel with file capabilities | compiled in, without forcing users to use (and understand and | trust) them. | | When no_file_caps is specified at boot, then when a process executes | a file, any file capabilities stored with that file will not be | used in the calculation of the process' new capability sets. | | This means that booting with the no_file_caps boot option will | not be the same as booting a kernel with file capabilities | compiled out - in particular a task with CAP_SETPCAP will not | have any chance of passing capabilities to another task (which | isn't "really" possible anyway, and which may soon by killed | altogether by David Howells in any case), and it will instead | be able to put new capabilities in its pI. However since fI | will always be empty and pI is masked with fI, it gains the | task nothing. | | We also support the extra prctl options, setting securebits and | dropping capabilities from the per-process bounding set. | | The other remaining difference is that killpriv, task_setscheduler, | setioprio, and setnice will continue to be hooked. That will | be noticable in the case where a root task changed its uid | while keeping some caps, and another task owned by the new uid | tries to change settings for the more privileged task. | | Signed-off-by: Serge Hallyn <serue@...ibm.com> | --- | include/linux/capability.h | 4 ++++ | kernel/capability.c | 11 +++++++++++ | security/commoncap.c | 9 +++++++++ | 3 files changed, 24 insertions(+), 0 deletions(-) | | diff --git a/include/linux/capability.h b/include/linux/capability.h | index 9d1fe30..c96c455 100644 | --- a/include/linux/capability.h | +++ b/include/linux/capability.h -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFIt0Qi+bHCR3gb8jsRApyoAKC4brJOkrqsna3iDQ8xMFEPlyAW/wCbBHy+ xUaMSRInmcgNkYdoNJkxzOQ= =zTib -----END PGP SIGNATURE----- -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists