lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 9 Dec 2013 12:26:19 -0600
From:	Serge Hallyn <serge.hallyn@...ntu.com>
To:	Gao feng <gaofeng@...fujitsu.com>
Cc:	"Serge E. Hallyn" <serge@...lyn.com>, linux-kernel@...r.kernel.org,
	linux-audit@...hat.com, Richard Guy Briggs <rgb@...hat.com>,
	containers@...ts.linux-foundation.org, eparis@...hat.com,
	ebiederm@...ssion.com, sgrubb@...hat.com
Subject: Re: [RFC Part1 PATCH 00/20 v2] Add namespace support for audit

Quoting Gao feng (gaofeng@...fujitsu.com):
> On 12/07/2013 06:12 AM, Serge E. Hallyn wrote:
> > Quoting Gao feng (gaofeng@...fujitsu.com):
> >> Hi
> >>
> >> On 10/24/2013 03:31 PM, Gao feng wrote:
> >>> Here is the v1 patchset: http://lwn.net/Articles/549546/
> >>>
> >>> The main target of this patchset is allowing user in audit
> >>> namespace to generate the USER_MSG type of audit message,
> >>> some userspace tools need to generate audit message, or
> >>> these tools will broken.
> >>>
> >>
> >> I really need this feature, right now,some process such as
> >> logind are broken in container becase we leak of this feature.
> > 
> > Your set doesn't address loginuid though right?  How exactly do you
> > expect to do that?  If user violates MAC policy and audit msg is
> > sent to init user ns by mac subsys, you need the loginuid from
> > init_audit_ns.  where will that be stored if you allow updates
> > of loginuid in auditns?
> > 
> This patchset doesn't include the loginuid part.
> 
> the loginuid is stored in task as before.
> In my opinion, when task creates a new audit namespace, this task's
> loginuid will be reset to zero, so the children tasks can set their
> loginuid. Does this change break the MAC?

I think so, yes.  In an LSPP selinux environment, if the task
manages to trigger an selinux deny rule which is audited, then
the loginuid must make sense on the host.  Now presumably it
will get translated to the mapped host uid, and we can figure
out the host uid owning it through /etc/subuid.  But that adds
/etc/subuid as a new part of the TCB without any warning <shrug>
So in that sense, for LSPP, it breaks it.

-serge
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ