lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <528A5CFC.1060706@redhat.com>
Date:	Mon, 18 Nov 2013 12:31:24 -0600
From:	Eric Sandeen <sandeen@...hat.com>
To:	Paul FM <paulfm@...umn.edu>, linux-ext4@...r.kernel.org
Subject: Re: noacl and nouser_xattr

On 11/18/13, 8:26 AM, Paul FM wrote:
> 
> Yes - I need noacl and nouser_xattr
> 
> How about documenting your intent to remove them in the man pages.
> 
> acl support and user_xattr support need to be off on the / and /usr
> filesystems to simplify security. Actually I want a way to turn off
> ALL extended attribute support on any filesystem.  How about noxattr
> (which would turn off ALL extended attribute support including acls).
> I also use nosuid on filesystems that shouldn't have any suid files.
> 
> This is to follow the security principal - "If you aren't using it
> and don't need it - turn it off".

FWIW, it still can be disabled at build time via CONFIG_EXT3_FS_POSIX_ACL

But if you are using a distro kernel that turns that on, I see
your point about noacl.

However, I'm not sure how nouser_xattr comes into the argument?
xattrs by themselves are just metadata; they don't impact security
control unless they are a special kind of xattrs (i.e. acls).

Thanks,
-Eric

> The simple Posix/Unix permissions are more than enough security
> control in almost every situation I have run into (only wish I could
> use them in Windows).
> 
> Having worked extensively with ACLS on Windows (and some older Main
> Frame OSes) - I note that ACL's add a level of complexity to security
> that actually makes for less security.  I see the need to support
> them in Unix/Linux - but they should be OFF unless someone
> specifically wants to use them (at least don't make them hard to turn
> off).
> 
> Just try auditing the security of a windows filesystem if you don't
> think ACL's add extreme complexity (I gave up - I just forcibily set
> all the ACL's myself by script using the unix Owner,Group,Other
> concepts as a model to simplify what I am setting).
> 
> 
> 
> 

--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ