| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20070827152817.GA31632@vino.hallyn.com> Date: Mon, 27 Aug 2007 10:28:17 -0500 From: "Serge E. Hallyn" <serge@...lyn.com> To: Adrian Bunk <bunk@...nel.org> Cc: Andrew Morgan <morgan@...nel.org>, chrisw@...s-sol.org, linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org Subject: Re: [2.6 patch] remove securebits Quoting Adrian Bunk (bunk@...nel.org): > On Mon, Aug 27, 2007 at 10:09:42AM -0500, Serge E. Hallyn wrote: > > Quoting Adrian Bunk (bunk@...nel.org): > > > On Fri, Aug 24, 2007 at 08:50:10PM -0700, Andrew Morgan wrote: > > > > > > > > FWIW, in the mm kernel, I've actually already removed them when one > > > > configures without capabilities. > > > > > > > > http://www.kernel.org/pub/linux/kernel/people/akpm/patches/2.6/2.6.23-rc3/2.6.23-rc3-mm1/broken-out/v3-file-capabilities-alter-behavior-of-cap_setpcap.patch > > > > > > > > Other than writing a custom module, so far as I can tell, there is/was > > > > no way to set them anyway. > > > > > > > > I'd obviously prefer to wait for the mm-merge process to complete and > > > > minimize the churn in this area, but I basically agree that the bits as > > > > implemented are pretty useless in their current form. In a per-process > > > > mode (with filesystem capability support) they are much more useful... > > > > > > It was in the tree for nine years (sic) without a single user... > > > > That's because without file capabilities there was no way for a process > > to retain capabilities across exec, so not having a privileged root user > > was simply not workable. > > > > > Are you only improving a dead horse, or do you also have a rider for the > > > improved dead horse? > > > > It will allow process trees to run with strict capabilities, without a > > root user which automatically gains full capabilities. That wasn't > > possible without file capabilities, since there was no way for processes > > to retain capabilities across exec. Now that we have file capabilities, > > it is feasible, and it certainly is useful. > > I didn't question that the dead horse gets improved, but where's the > rider? > > A user of the improved securebits has to be submitted for inclusion in > the kernel. The user would be userspace... Unless by 'the user' you actually mean the patch itself which will allow the setting of secure_noroot per-process. I don't know for sure, but suspect Andrew might like to wait until file capabilities make it into and stabilize in Linus' tree before going on with that. -serge - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists