lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <457DCE1C.7010908@novell.com>
Date:	Mon, 11 Dec 2006 13:31:08 -0800
From:	Crispin Cowan <crispin@...ell.com>
To:	"Serge E. Hallyn" <serue@...ibm.com>,
	lkml <linux-kernel@...r.kernel.org>,
	linux-security-module@...r.kernel.org,
	Andrew Morton <akpm@...l.org>,
	Stephen Smalley <sds@...ch.ncsc.mil>
Subject: Re: [PATCH 0/2] file capabilities: two bugfixes

Seth Arnold wrote:
> On Fri, Dec 08, 2006 at 01:36:57PM -0600, Serge E. Hallyn wrote:
>   
>> The other is that root can lose capabilities by executing files with
>> only some capabilities set.  The next two patches change these
>> behaviors.
>>     
> I saw this in my code review and thought that this behaviour was
> intentional. :) It seemed like a good idea to me..
>   
It really depends on which threat you are trying to defend against.

Serge is correct that it does not prevent root from copying the file,
messing with the attributes, and running it anyway. However, I don't see
file capabilities as being intended to try to confine root.

Rather, it seems like it is intended to make it easier to manage what
capabilities should usually be present when the program is run. E.g. the
file has a limited capability set so that root can run it and not have
to think about overtly dropping privs or su'ing to a non-privileged user
to be able to run it safely.

So I'm with Seth; it sounds like a feature, not a bug.

Caveat: I have no clue what the POSIX.1e committee intended. But since
none of the POSIX-alike implementations are compatible with each other
anyway, I don't really care :)

Crispin

-- 
Crispin Cowan, Ph.D.                      http://crispincowan.com/~crispin/
Director of Software Engineering, Novell  http://novell.com
     Hacking is exploiting the gap between "intent" and "implementation"

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ