| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <1237227705.1035.93.camel@localhost.localdomain> Date: Mon, 16 Mar 2009 14:21:45 -0400 From: Stephen Smalley <sds@...ho.nsa.gov> To: "Serge E. Hallyn" <serue@...ibm.com> Cc: Igor Zhbanov <izh1979@...il.com>, "J. Bruce Fields" <bfields@...ldses.org>, Michael Kerrisk <mtk.manpages@...il.com>, linux-kernel@...r.kernel.org, viro@...iv.linux.org.uk, neilb@...e.de, Trond.Myklebust@...app.com, David Howells <dhowells@...hat.com>, Andrew Morgan <morgan@...nel.org>, James Morris <jmorris@...ei.org>, linux-security-module@...r.kernel.org, SELinux <selinux@...ho.nsa.gov> Subject: Re: Ответ: VFS, NFS security bug? Should CAP_MKNOD and CAP_LINUX_IMMUTABLE be added to CAP_FS_MASK? On Fri, 2009-03-13 at 14:00 -0500, Serge E. Hallyn wrote: > Quoting Igor Zhbanov (izh1979@...il.com): > > But ordinary users can't create devices. It seems to me that in time > > of implementation of capabilities in kernel 2.4, capabilities related > > to filesystem was added first. And mark for them contains all above in > > header file. And when CAP_MKNOD was added later, author just forget to > > update mask. > > > > If mask was designed to drop all filesystem related capabilities, then > > it must be expanded, because ordinary users cannot create devices etc. > > I think you thought Bruce was saying we shouldn't change the set of > capabilities, but he was just asking exactly what changes Michael was > interested in. > > Igor, thanks for finding this. I never got your original message. Do > you have a patdch to add the two capabilities? Do you think the > other two I mentioned (CAP_SYS_ADMIN and CAP_SETFCAP) need to be > added too? > > I've added Andrew Morgan, LSM and SELinux mailing lists to get another > opinion about adding those two. In particular, we'd be adding them > to the fs_masks becuase CAP_SYS_ADMIN lets you change the selinux > label, and CAP_SETFCAP lets you change the file capabilities. I'd be inclined against adding CAP_SYS_ADMIN to the mask; note that it is only checked for setting SELinux security contexts (or more broadly any attributes in the security namespace) when SELinux is disabled. In the SELinux-enabled case, we are checking SELinux-specific permissions when setting the SELinux attributes, whether on the client or the server. -- Stephen Smalley National Security Agency -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists