lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <1289862499.14282.47.camel@localhost.localdomain>
Date:	Mon, 15 Nov 2010 18:08:19 -0500
From:	Eric Paris <eparis@...hat.com>
To:	James Morris <jmorris@...ei.org>
Cc:	Linus Torvalds <torvalds@...ux-foundation.org>,
	Joe Perches <joe@...ches.com>,
	Dan Rosenberg <drosenberg@...curity.com>,
	LKML <linux-kernel@...r.kernel.org>, Ingo Molnar <mingo@...e.hu>,
	Eugene Teo <eugeneteo@...nel.org>,
	Kees Cook <kees.cook@...onical.com>,
	Andrew Morton <akpm@...ux-foundation.org>,
	LSM List <linux-security-module@...r.kernel.org>
Subject: Re: [PATCH] Fix dmesg_restrict build failure with
 CONFIG_EMBEDDED=y and CONFIG_PRINTK=n

On Tue, 2010-11-16 at 09:58 +1100, James Morris wrote:
> On Mon, 15 Nov 2010, Eric Paris wrote:
> 
> > Not sure how that's possible.  I mean, I guess it's possible if the
> > fabled LSM reimplements the cap call, but I'm not sure how you can
> > remove a restrictive only security check without 'weakening' the system
> > in some way.
> 
> If generic security logic is mixed into a capability call, then not 
> implementing the cap call also loses the generic security logic.

I guess it comes down to what you define 'generic security logic.'
We've come to expect that capabilities are an indispensable mechanism
for control object access.  The prevalence of if (!capable(***))
throughout the kernel proves that fact.  I think that sometimes open
coding how we expect to use capabilities and sometimes hiding it behind
an LSM hook is just bad news.  I'd prefer all open coding, but that
might not be the best in all situations.  Hopefully I'll get a chance to
try to clean that up a little.

In any case, right now I need to go write a patch description since I
just compile tested it a couple of ways....

-Eric

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ