| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <475757DD.8000009@ak.jp.nec.com>
Date: Thu, 06 Dec 2007 11:01:01 +0900
From: KaiGai Kohei <kaigai@...jp.nec.com>
To: serge@...lyn.com
CC: Andrew Morgan <morgan@...nel.org>,
"Serge E. Hallyn" <serue@...ibm.com>,
lkml <linux-kernel@...r.kernel.org>,
linux-security-module@...r.kernel.org,
Chris Wright <chrisw@...s-sol.org>,
Stephen Smalley <sds@...ch.ncsc.mil>,
James Morris <jmorris@...ei.org>, Andrew Morton <akpm@...l.org>
Subject: Re: [PATCH] capabilities: introduce per-process capability bounding
set (v10)
>>> (Thus, the correct check says no 'new' pI bits can be outside cap_bset.)
>> If this condition intends to dominate 'new' pI bits by 'old' pI bits masked
>> with bounding set, we should not apply cap_combine() here.
>> I think applying cap_intersect() is correct for the purpose.
>
> That would have been my first inclination, but Andrew actually
> wanted to be able to keep a pI with bits not in the capability
> bounding set. And it's really not a big problem, since
>
> 1. you can never grow cap_bset
> 2. the capbound.c program just makes sure to call capset
> to take the bit being removed from cap_bset out of
> pI'
> 3. It could be advantageous for some daemon to keep a bit
> in pI which can never be gained through fP but can be
> gained by a child through (fI&pI).
>
> Does that seem reasonable to you?
OK, I got understood the intention of the condition.
It seems to me reasonable policy.
Thanks,
--
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai@...jp.nec.com>
This patch fixes incorrect condition added by per-process capability
bounding set patch.
It intends to limit no new pI capabilities outside bounding set.
Signed-off-by: KaiGai Kohei <kaigai@...jp.nec.com>
commoncap.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--- linux-2.6.24-rc3/security/commoncap.c.old 2007-12-06 10:51:48.000000000 +0900
+++ linux-2.6.24-rc3/security/commoncap.c 2007-12-06 10:52:15.000000000 +0900
@@ -119,9 +119,9 @@ int cap_capset_check (struct task_struct
/* incapable of using this inheritable set */
return -EPERM;
}
- if (!!cap_issubset(*inheritable,
- cap_combine(target->cap_inheritable,
- current->cap_bset))) {
+ if (!cap_issubset(*inheritable,
+ cap_combine(target->cap_inheritable,
+ current->cap_bset))) {
/* no new pI capabilities outside bounding set */
return -EPERM;
}
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists