| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 30 Jan 2015 11:13:02 -0800 From: josh@...htriplett.org To: Casey Schaufler <casey@...aufler-ca.com> Cc: paulmck@...ux.vnet.ibm.com, Iulia Manda <iulia.manda21@...il.com>, gnomes@...rguk.ukuu.org.uk, serge.hallyn@...onical.com, linux-kernel@...r.kernel.org, akpm@...ux-foundation.org, peterz@...radead.org, mhocko@...e.cz, LSM <linux-security-module@...r.kernel.org> Subject: Re: [PATCH v2] kernel: Conditionally support non-root users, groups and capabilities On Thu, Jan 29, 2015 at 06:25:23PM -0800, Casey Schaufler wrote: > On 1/29/2015 5:36 PM, Paul E. McKenney wrote: > > A few K here, a few K there, and pretty soon you actually fit into the > > small-memory 32-bit SoCs. I do not believe that the processing time > > is the issue. > > And UNIX, with UID and GID processing, used to run in 64K of RAM, > without swap or paging. Bluntly, there are many other places to look > before you go here. And we're looking in all those places too. Each patch is worth evaluating independently. We've *already* gone here, the code is written (and being revised based on feedback), and "go work over there out of my backyard" is not going to work. One of these days, we're going to run in 64k again. > >> As for LSMs, I can easily see putting in the security model from the old > >> RTOS on top of a NON_ROOT configuration. Won't that be fun when the CVEs > >> start to fly? The security model is "there's one process on this system". (Expect patches for CONFIG_FORK=n and CONFIG_EXEC=n at some point.) > >> Do you think you'll be running system services like systemd on top of this? > >> Anyone *else* remember what happened when they put capability handling into > >> sendmail? > > Nope, I don't expect these systems to be using LSM, systemd, or sendmail. > > I think that many of these will instead run the application directly > > out of the init process. > > Where an "application" might be something like CrossWalk, No, not a chance. If you're running a web runtime, you're on a much larger system, and you're going to be less concerned about shaving kilobytes; you're also going to want many of the kernel facilities for sandboxing code. The kinds of applications we're talking about here run entirely in one binary, serving a few very narrow functions. We're not talking "automobile IVI system" here; we're talking "two buttons and an output", or "a few sensors and an SD card". - Josh Triplett -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists