lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <4D81DF02.8090608@xs4all.net>
Date:	Thu, 17 Mar 2011 11:14:26 +0100
From:	Miquel van Smoorenburg <mikevs@...all.net>
To:	Alexey Dobriyan <adobriyan@...il.com>
CC:	Richard Weinberger <richard@....at>, Arnd Bergmann <arnd@...db.de>,
	Kees Cook <kees.cook@...onical.com>,
	linux-kernel@...r.kernel.org, akpm@...ux-foundation.org,
	serge@...lyn.com, eparis@...hat.com, jmorris@...ei.org,
	eugeneteo@...nel.org, drosenberg@...curity.com,
	"Eric W. Biederman" <ebiederm@...ssion.com>,
	Miquel van Smoorenburg <mikevs@...all.net>
Subject: Re: [PATCH] [RFC] Make it easier to harden /proc/



On 16-03-11 10:15 PM, Alexey Dobriyan wrote:
> On Wed, Mar 16, 2011 at 10:07:48PM +0100, Richard Weinberger wrote:
>> Am Mittwoch 16 März 2011, 22:04:52 schrieb Alexey Dobriyan:
>>> On Wed, Mar 16, 2011 at 09:52:49PM +0100, Richard Weinberger wrote:
>>>> Am Mittwoch 16 März 2011, 21:45:45 schrieb Arnd Bergmann:
>>>>> On Wednesday 16 March 2011 21:08:16 Richard Weinberger wrote:
>>>>>> Am Mittwoch 16 März 2011, 20:55:49 schrieb Kees Cook:
>>>>> I had expected that any dangerous sysctl would not be visible in
>>>>> an unpriviledge container anyway.
>>>>
>>>> No way.
>>>
>>> No way what exactly?
>>
>> Dangerous sysctls are not protected at all.
>> E.g. A jailed root can use /proc/sysrq-trigger.
>
> Yes, and it's suggested that you do not show it at all,
> instead of bloaing ctl_table.
>
> But this requires knowledge which /proc is root and which one is "root".
> :-(
>
> With current splitup into FOO_NS...

And what about sysfs, there's a lot of writable stuff there too. For 
example in /sys/module/*/parameters, /sys/block/*/device/queu , 
/sys/kernel/, /sys/platform/ etc. Perhaps things you don't want to be 
read too, such as some uevent files.

Shouldn't that be made inaccessible as well, preferably not visible?

Programs in containers may need sysfs for stuff like 
/sys/class/net/<device> , so just not mounting sysfs may not be an option.

Mike.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ