Open Source and information security mailing list archives
Date:	Tue, 10 Nov 2015 08:35:51 -0500
From:	Austin S Hemmelgarn <ahferroin7@...il.com>
To:	Theodore Ts'o <tytso@....edu>,
	Andy Lutomirski <luto@...capital.net>,
	Serge Hallyn <serge.hallyn@...ntu.com>,
	Kees Cook <keescook@...omium.org>,
	Christoph Lameter <cl@...ux.com>,
	"Serge E. Hallyn" <serge@...lyn.com>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Richard Weinberger <richard.weinberger@...il.com>,
	LKML <linux-kernel@...r.kernel.org>,
	Linus Torvalds <torvalds@...ux-foundation.org>
Subject: Re: [KERNEL] [PATCH] Kernel 4.3 breaks security in systems using
 capabilities

On 2015-11-10 08:19, Klaus Ethgen wrote:
> Hi Ted, hi others in this discussion,
>
> On Tue, 10 Nov 2015 at 13:40, Theodore Ts'o wrote:
>> Whether or not that will be acceptable upstream, I don't know, mainly
>> because I think a strong case can be made that such a patch has an
>> audience of one, and adding more complexity here for an idea which has
>> been time-tested over decades to be a failure is just not a good idea.
>
> I wouldn't call the implementation until now a failure. It helped
> a lot to keep a system sane. It is true that all distributions ignored
> capabilities completely but I don't think that is due to the design.
I think it's mostly due to the fact that there are a lot of potential 
security issues in using capabilities as implemented in Linux (and other 
POSIX systems), and unlike chroot(), it's not as easy to protect against 
stuff trying to bypass them while still keeping them useful. If you do a 
web search you can relatively easily find info on how to use many of the 
defined capabilities to get root-equivalent access (CAP_SYS_ADMIN and 
CAP_SYS_MODULE are obvious, but many of the others can be used also if 
you know what you are doing, for example CAP_DAC_OVERRIDE+CAP_SYS_BOOT 
can be used on non-SecureBoot systems to force the system to reboot into 
an arbitrary kernel).
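
An audit sketch for the point made in this message, added here as an example and not code from the thread: it decodes the capability masks in `/proc/<pid>/status` and flags the two single capabilities and the one combination the message names. The rule list is limited to those; the function names and the sample status text are constructed for illustration.

```python
import glob
import re

# Bit numbers from include/uapi/linux/capability.h (only the ones the post names).
CAP_BITS = {"CAP_DAC_OVERRIDE": 1, "CAP_SYS_MODULE": 16,
            "CAP_SYS_ADMIN": 21, "CAP_SYS_BOOT": 22}

# Each rule is a set of capabilities the post describes as root-equivalent
# when held together; single-element sets are flagged on their own.
RULES = [{"CAP_SYS_ADMIN"}, {"CAP_SYS_MODULE"},
         {"CAP_DAC_OVERRIDE", "CAP_SYS_BOOT"}]

def parse_status(text):
    """Return {'CapPrm': int, 'CapEff': int, ...} from /proc/<pid>/status text."""
    pat = r"^(Cap\w+):[ \t]*([0-9a-fA-F]+)[ \t]*$"
    return {m.group(1): int(m.group(2), 16) for m in re.finditer(pat, text, re.M)}

def held(mask):
    """Names of the tracked capabilities whose bit is set in mask."""
    return {name for name, bit in CAP_BITS.items() if (mask >> bit) & 1}

def findings(text):
    """List (set_name, caps) for every rule satisfied in CapEff or CapPrm.

    CapPrm is checked too because a permitted capability can be raised
    into the effective set by the process itself.
    """
    masks = parse_status(text)
    out = []
    for set_name in ("CapEff", "CapPrm"):
        have = held(masks.get(set_name, 0))
        out += [(set_name, sorted(rule)) for rule in RULES if rule <= have]
    return out

def euid(text):
    """Effective UID (second field of the Uid: line), or None if absent."""
    m = re.search(r"^Uid:\s*\d+\s+(\d+)", text, re.M)
    return int(m.group(1)) if m else None

# Constructed sample: a non-root daemon holding CAP_DAC_OVERRIDE + CAP_SYS_BOOT.
SAMPLE = ("Name:\tdemo-daemon\nUid:\t998\t998\t998\t998\n"
          "CapInh:\t0000000000000000\nCapPrm:\t0000000000400002\n"
          "CapEff:\t0000000000400002\nCapBnd:\t0000003fffffffff\n")

if __name__ == "__main__":
    print("sample:", findings(SAMPLE))
    for path in glob.glob("/proc/[0-9]*/status"):
        try:
            with open(path) as fh:
                text = fh.read()
        except OSError:
            continue  # process exited or is not readable
        if euid(text) != 0 and findings(text):
            print(path, findings(text))
```

Run as a script, it prints the findings for the sample and then lists live non-root processes that match a rule.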


