lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <480E8507.8050801@ak.jp.nec.com>
Date:	Wed, 23 Apr 2008 09:38:31 +0900
From:	KaiGai Kohei <kaigai@...jp.nec.com>
To:	Alexey Dobriyan <adobriyan@...il.com>
CC:	greg@...ah.com, morgan@...nel.org, serue@...ibm.com,
	chrisw@...s-sol.org, linux-security-module@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH 0/3] exporting capability name/code pairs (for 2.6.26)

Alexey Dobriyan wrote:
> On Tue, Apr 22, 2008 at 08:12:15PM +0900, KaiGai Kohei wrote:
>> $ ls -R /sys/kernel/capability/
>> /sys/kernel/capability/:
>> codes  names  version
>>
>> /sys/kernel/capability/codes:
>> 0  10  12  14  16  18  2   21  23  25  27  29  30  32  4  6  8
>> 1  11  13  15  17  19  20  22  24  26  28  3   31  33  5  7  9
>>
>> /sys/kernel/capability/names:
>> cap_audit_control    cap_kill              cap_net_raw     cap_sys_nice
>> cap_audit_write      cap_lease             cap_setfcap     cap_sys_pacct
>> cap_chown            cap_linux_immutable   cap_setgid      cap_sys_ptrace
>> cap_dac_override     cap_mac_admin         cap_setpcap     cap_sys_rawio
>> cap_dac_read_search  cap_mac_override      cap_setuid      cap_sys_resource
>> cap_fowner           cap_mknod             cap_sys_admin   cap_sys_time
>> cap_fsetid           cap_net_admin         cap_sys_boot    cap_sys_tty_config
>> cap_ipc_lock         cap_net_bind_service  cap_sys_chroot
>> cap_ipc_owner        cap_net_broadcast     cap_sys_module
>> $ cat /sys/kernel/capability/names/cap_sys_pacct
>> 20
>> $ cat /sys/kernel/capability/codes/16
>> cap_sys_module
> 
> This is amazing amount of bloat for such conceptually simple feature!
> 
> Below is /proc/capabilities ,
> a) without all memory eaten by sysfs files and directories,
>    generated on the fly
> b) with capability names matching the ones in manpages
> c) nicely formatted
> e) with whole-whooping 2 lines of protection from fool
> 	(including helpful directions)
>   Proposed regexp of course will incorrectly match someday
> 
> If this file will be used often, I can even make whole its content
> become generated at compile time and then put into buffers
> with 1 (one) seq_puts()!

I had suggested a similar idea previously, but it could not be supported
because it requires to scan whole of /proc/capabilities at first.

Using sysfs enables to translate them without seeking, as Andrew Morgan said.

> 	Alexey "0	CAP_CHOWN
> 		1	CAP_DAC_OVERRIDE
> 		2	CAP_DAC_READ_SEARCH
> 		3	CAP_FOWNER
> 		4	CAP_FSETID
> 		5	CAP_KILL
> 		6	CAP_SETGID
> 		7	CAP_SETUID
> 		8	CAP_SETPCAP
> 		9	CAP_LINUX_IMMUTABLE
> 		10	CAP_NET_BIND_SERVICE
> 		11	CAP_NET_BROADCAST
> 		12	CAP_NET_ADMIN
> 		13	CAP_NET_RAW
> 		14	CAP_IPC_LOCK
> 		15	CAP_IPC_OWNER
> 		16	CAP_SYS_MODULE
> 		17	CAP_SYS_RAWIO
> 		18	CAP_SYS_CHROOT
> 		19	CAP_SYS_PTRACE
> 		20	CAP_SYS_PACCT
> 		21	CAP_SYS_ADMIN
> 		22	CAP_SYS_BOOT
> 		23	CAP_SYS_NICE
> 		24	CAP_SYS_RESOURCE
> 		25	CAP_SYS_TIME
> 		26	CAP_SYS_TTY_CONFIG
> 		27	CAP_MKNOD
> 		28	CAP_LEASE
> 		29	CAP_AUDIT_WRITE
> 		30	CAP_AUDIT_CONTROL
> 		31	CAP_SETFCAP
> 		32	CAP_MAC_OVERRIDE
> 		33	CAP_MAC_ADMIN"	Dobriyan
> 
> --- a/security/commoncap.c
> +++ b/security/commoncap.c
> @@ -19,6 +19,8 @@
>  #include <linux/swap.h>
>  #include <linux/skbuff.h>
>  #include <linux/netlink.h>
> +#include <linux/proc_fs.h>
> +#include <linux/seq_file.h>
>  #include <linux/ptrace.h>
>  #include <linux/xattr.h>
>  #include <linux/hugetlb.h>
> @@ -597,3 +599,81 @@ int cap_vm_enough_memory(struct mm_struct *mm, long pages)
>  	return __vm_enough_memory(mm, pages, cap_sys_admin);
>  }
>  
> +#ifdef CONFIG_PROC_FS
> +static const struct {
> +	int val;
> +	const char *str;
> +} proc_cap[] = {
> +#define _(cap) { .val = cap, .str = #cap }
> +	_(CAP_CHOWN),
> +	_(CAP_DAC_OVERRIDE),
> +	_(CAP_DAC_READ_SEARCH),
> +	_(CAP_FOWNER),
> +	_(CAP_FSETID),
> +	_(CAP_KILL),
> +	_(CAP_SETGID),
> +	_(CAP_SETUID),
> +	_(CAP_SETPCAP),
> +	_(CAP_LINUX_IMMUTABLE),
> +	_(CAP_NET_BIND_SERVICE),
> +	_(CAP_NET_BROADCAST),
> +	_(CAP_NET_ADMIN),
> +	_(CAP_NET_RAW),
> +	_(CAP_IPC_LOCK),
> +	_(CAP_IPC_OWNER),
> +	_(CAP_SYS_MODULE),
> +	_(CAP_SYS_RAWIO),
> +	_(CAP_SYS_CHROOT),
> +	_(CAP_SYS_PTRACE),
> +	_(CAP_SYS_PACCT),
> +	_(CAP_SYS_ADMIN),
> +	_(CAP_SYS_BOOT),
> +	_(CAP_SYS_NICE),
> +	_(CAP_SYS_RESOURCE),
> +	_(CAP_SYS_TIME),
> +	_(CAP_SYS_TTY_CONFIG),
> +	_(CAP_MKNOD),
> +	_(CAP_LEASE),
> +	_(CAP_AUDIT_WRITE),
> +	_(CAP_AUDIT_CONTROL),
> +	_(CAP_SETFCAP),
> +	_(CAP_MAC_OVERRIDE),
> +	_(CAP_MAC_ADMIN),
> +#undef _

It should be generated automatically.
and, where is the "version" information?

> +};
> +
> +static int proc_capabilities_show(struct seq_file *m, void *v)
> +{
> +	int i;
> +
> +	for (i = 0; i < ARRAY_SIZE(proc_cap); i++)
> +		seq_printf(m, "%d\t%s\n", proc_cap[i].val, proc_cap[i].str);
> +	return 0;
> +}
> +
> +static int proc_capabilities_open(struct inode *inode, struct file *file)
> +{
> +	return single_open(file, proc_capabilities_show, NULL);
> +}
> +
> +static const struct file_operations capabilities_proc_fops = {
> +	.owner		= THIS_MODULE,
> +	.open		= proc_capabilities_open,
> +	.read		= seq_read,
> +	.llseek		= seq_lseek,
> +	.release	= single_release,
> +};
> +
> +static int __init commoncap_init(void)
> +{
> +	struct proc_dir_entry *pde;
> +
> +	pde = proc_create("capabilities", 0, NULL, &capabilities_proc_fops);
> +	if (!pde)
> +		return -ENOMEM;
> +	/* Forgot to add new capability to proc_cap array? */
> +	BUILD_BUG_ON(ARRAY_SIZE(proc_cap) != CAP_LAST_CAP + 1);
> +	return 0;
> +}
> +module_init(commoncap_init);
> +#endif
> 
> 


-- 
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai@...jp.nec.com>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ