| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20100617170453.GV24749@outflux.net> Date: Thu, 17 Jun 2010 10:04:53 -0700 From: Kees Cook <kees.cook@...onical.com> To: James Morris <jmorris@...ei.org> Cc: Alan Cox <alan@...rguk.ukuu.org.uk>, linux-kernel@...r.kernel.org, Randy Dunlap <rdunlap@...otime.net>, Andrew Morton <akpm@...ux-foundation.org>, Jiri Kosina <jkosina@...e.cz>, Dave Young <hidave.darkstar@...il.com>, Martin Schwidefsky <schwidefsky@...ibm.com>, Roland McGrath <roland@...hat.com>, Oleg Nesterov <oleg@...hat.com>, "H. Peter Anvin" <hpa@...or.com>, David Howells <dhowells@...hat.com>, Ingo Molnar <mingo@...e.hu>, Peter Zijlstra <a.p.zijlstra@...llo.nl>, "Eric W. Biederman" <ebiederm@...ssion.com>, linux-doc@...r.kernel.org, Stephen Smalley <sds@...ho.nsa.gov>, Daniel J Walsh <dwalsh@...hat.com>, linux-security-module@...r.kernel.org Subject: Re: [PATCH] ptrace: allow restriction of ptrace scope Hi James, On Thu, Jun 17, 2010 at 11:45:42PM +1000, James Morris wrote: > On Wed, 16 Jun 2010, Kees Cook wrote: > > [Note: it would be useful to cc: the LSM list on security discussions] Sorry, I was blindly using get_maintainer output. > > Certainly. PTRACE can already be confined by SELinux and AppArmor. I'm > > looking for a general approach that doesn't require a system builder to > > create MAC policies for unknown software. I want to define a common core > > behavior. > > > > > And even if you don't care about using the same security stuff the rest > > > of the world is using to solve the problem this like the other half baked > > > stuff you posted for links belongs as a security module. > > > > The LSM isn't stackable, so I can't put it there and choose this and > > SELinux (for the case of software-without-a-policy). > > SELinux already supports a global switch for ptrace via the allow_ptrace > boolean. You don't need to write any policy, just set it to 0. > > Global behavior can be further customized and refined (e.g. create a > generic policy module for apps without an existing policy, which allows > everything except things like ptrace and dangerous symlinks). > > SELinux users would not need the other LSM, and stacking is thus not > required. But if a user wants to disable ptrace using the SELinux LSM and then also disable sticky-symlinks via the ItsHideous LSM, they're out of luck. -Kees -- Kees Cook Ubuntu Security Team -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists