Date:	Thu, 23 Apr 2015 13:51:17 -0700
From:	Linus Torvalds <torvalds@...ux-foundation.org>
To:	Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc:	Andy Lutomirski <luto@...capital.net>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Arnd Bergmann <arnd@...db.de>,
	"Eric W. Biederman" <ebiederm@...ssion.com>,
	One Thousand Gnomes <gnomes@...rguk.ukuu.org.uk>,
	Tom Gundersen <teg@...m.no>, Jiri Kosina <jkosina@...e.cz>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	Daniel Mack <daniel@...que.org>,
	David Herrmann <dh.herrmann@...il.com>,
	Djalal Harouni <tixxdz@...ndz.org>
Subject: Re: [GIT PULL] kdbus for 4.1-rc1

On Thu, Apr 23, 2015 at 11:56 AM, Greg Kroah-Hartman
<gregkh@...uxfoundation.org> wrote:
>
> Doing access control based on comm and cmdline is horrid, I totally
> agree.  But right now, any process in the system can read any other
> process's comm and cmdline value out of /proc today.

You have to work extra hard for it, and it's preventable anyway (ie selinux).

In contrast, with the information in the kdbus message, it's almost
certain that any random "enable debugging for dbus" patch will start
logging it, because "it's just there".

That's a big difference. Most bugs and security issues come because
people make trivial mistakes, not because people
explicitly go out of their way to make them.

> Doesn't syslog use it today all over the place for logging stuff that
> happens in the system?

Hell no.

Sure, if an application explicitly says "log this message", then we
save the application name. But not for random system interactions.

The example Andy gave about doing things like name lookup is a good
one. Doesn't systemd already do a dns cache module?

Doing a name lookup is some *seriously* different thing than using
"syslog()" to explicitly log messages.

And if kdbus people can't see that difference, I don't see what we can
discuss here. Do you really not see the privacy implications? It turns
privacy violations from "you have to actually work at it" to "they
happen pretty much by mistake".

                           Linus
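The thread turns on what `comm` and `cmdline` actually contain and on how easily a debug patch copies them into a log "because it's just there". The following is an added example, not code from the thread, the kdbus tree or the kernel: it reads the two `/proc/<pid>` files in their native form (`cmdline` is a NUL-separated argv blob, empty for kernel threads and zombies), and shows a logging helper whose default output carries only the pid, so that process identity is emitted only when a caller asks for it explicitly. The sample argv is constructed; `read_proc_identity` assumes a Linux `/proc`.

```python
"""Added example (not part of the LKML thread): reading comm/cmdline from
/proc and keeping them out of debug logging unless explicitly requested."""


def parse_cmdline(raw: bytes) -> list[str]:
    """Split a /proc/<pid>/cmdline blob into argv.

    The kernel writes each argument followed by a NUL byte, so the blob
    ends in a single trailing NUL; an empty blob means the process has no
    user-space argv (kernel thread or zombie).  Empty arguments in the
    middle are preserved.
    """
    if not raw:
        return []
    if raw.endswith(b"\0"):
        raw = raw[:-1]
    return [arg.decode("utf-8", errors="replace") for arg in raw.split(b"\0")]


def read_proc_identity(pid: int) -> dict:
    """Read comm and argv for a pid from /proc (Linux only).

    Any process that can see the pid can read these files, which is the
    "readable out of /proc today" point made in the thread.
    """
    base = f"/proc/{pid}"
    with open(f"{base}/comm", "rb") as fh:
        comm = fh.read().rstrip(b"\n").decode("utf-8", errors="replace")
    with open(f"{base}/cmdline", "rb") as fh:
        argv = parse_cmdline(fh.read())
    return {"pid": pid, "comm": comm, "argv": argv}


def describe_for_log(identity: dict, verbose: bool = False) -> str:
    """Format a process identity for a debug log line.

    Default output is the pid only.  comm and argv[0] are added only when
    the caller opts in, so a "log everything that is in the message" patch
    does not copy the full command line into the log by default.  The
    remaining arguments are never emitted by this helper.
    """
    line = f"pid={identity['pid']}"
    if not verbose:
        return line
    argv0 = identity["argv"][0] if identity["argv"] else "-"
    return f"{line} comm={identity['comm']} argv0={argv0}"


if __name__ == "__main__":
    import os

    me = read_proc_identity(os.getpid())  # requires Linux /proc
    print(describe_for_log(me))
    print(describe_for_log(me, verbose=True))
```

The constructed identity below stands in for a resolver-style request of the kind Andy's name-lookup example describes; the query argument reaches neither the default nor the verbose log line.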