lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Thu, 14 Jul 2016 15:21:53 -0500
From:	"Serge E. Hallyn" <serge@...lyn.com>
To:	Kees Cook <keescook@...omium.org>
Cc:	"Serge E. Hallyn" <serge@...lyn.com>,
	John Stultz <john.stultz@...aro.org>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Thomas Gleixner <tglx@...utronix.de>,
	Arjan van de Ven <arjan@...ux.intel.com>,
	lkml <linux-kernel@...r.kernel.org>,
	Oren Laadan <orenl@...lrox.com>,
	Ruchi Kandoi <kandoiruchi@...gle.com>,
	Rom Lemarchand <romlem@...roid.com>,
	Android Kernel Team <kernel-team@...roid.com>,
	Todd Kjos <tkjos@...gle.com>, Colin Cross <ccross@...roid.com>,
	Nick Kralevich <nnk@...gle.com>,
	Dmitry Shmidt <dimitrysh@...gle.com>,
	Elliott Hughes <enh@...gle.com>
Subject: Re: [PATCH 2/2] proc: Add /proc/<pid>/timerslack_ns interface

Quoting Kees Cook (keescook@...omium.org):
> On Thu, Jul 14, 2016 at 10:49 AM, Serge E. Hallyn <serge@...lyn.com> wrote:
> > Kees, you said adding a capability is hard - can you expound on that?
> 
> Best I can find at the moment was discussion around CAP_COMPROMISE_KERNEL:
> http://thread.gmane.org/gmane.linux.kernel/1459165

Hm, the last discussion I recall around that topic involved a confusing
negative capability iirc, I assume CAP_COMPROMISE_KERNEL was the revamped
version.

> Basically, adding a new capability for an interface can create
> userspace compatibility problems (though perhaps in this case, it's a
> new interface, so a new capability would be okay, but it's such a
> narrow use-case and CAP_SYS_NICE fits fine).

Right, there are two ways they can be added.  For new functionality,
no big deal.  (Of course we'd like to avoid going beyond 64 bits of cap
too soon, so don't want to go crazy).

The other is when we want to split off a more fine-grained version of
an existing capability.  Then we just have to make sure that the coarser
pre-existing capability continues to work as expected.  Breaking out
CAP_SYSLOG from CAP_SYS_ADMIN was an example of that.

-serge

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ