lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:	Sat, 26 Apr 2014 12:02:28 +0900
From:	Lorenzo Colitti <lorenzo@...gle.com>
To:	Lorenzo Colitti <lorenzo@...gle.com>,
	Ben Hutchings <ben@...adent.org.uk>,
	Florian Westphal <fw@...len.de>,
	netdev <netdev@...r.kernel.org>,
	Vasiliy Kulikov <segoon@...nwall.com>
Subject: Re: [RFC][PATCH] IP: Make ping sockets optional

On Sat, Apr 26, 2014 at 6:18 AM, Hannes Frederic Sowa
<hannes@...essinduktion.org> wrote:
>> One of the original discussion threads I posted above has a link to a
>> lengthy discussion on why the original designers of this code thought
>> capabilities were not a good idea from a security standpoint.
>
> Hmm, maybe I have overlooked it but I have not found any references to
> capabilities.

I thought I had linked to that, but perhaps I hadn't. This was
proposed for the first time in 2010:
http://thread.gmane.org/gmane.linux.kernel/1079723 . The discussion on
capabilities is linked a few messages down,
http://www.openwall.com/lists/oss-security/2010/11/08/3 .

> Ok, I see. There seem to be more users of this on Android. I guess ping
> sockets are available to every application writer or will it be set
> dynamically because of application permissions? Sorry, I am not that common
> with android.

Android sets ping_group_range to "allow everything". Access to general
network connectivity is restricted by Android application permissions,
so if an application has that, it can send pings.

> Ack, that's why my first hunch was to introduce a new capability just for ping
> sockets. I assume this wouldn't work for android?

Android userspace would need to be changed to use it (to give it to
everything that has network access permissions). I don't know if
there's a way to do that today.

Also, if you introduced a new capability for this, I think the 10KB
extra code would still be there. Because ping sockets don't allow you
to send/receive arbitrary ICMP messages, they only allow ping packets.
So "a new capability to allow ping" would have to be similarly
restricted, which means a lot of the code would still have to be
there.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux - Powered by OpenVZ