| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 09 Jan 2013 15:32:40 -0500 From: Eric Paris <eparis@...hat.com> To: Casey Schaufler <casey@...aufler-ca.com> Cc: linux-kernel@...r.kernel.org, libc-alpha@...rceware.org, dwalsh@...hat.com, dmalcolm@...hat.com, sds@...ho.nsa.gov, segoon@...nwall.com, linux-security-module@...r.kernel.org Subject: Re: Friendlier EPERM - Request for input On Wed, 2013-01-09 at 12:14 -0800, Casey Schaufler wrote: > On 1/9/2013 11:43 AM, Eric Paris wrote: > > I know many people are worried about information leaks, so I'll right up > > front say lets add the sysctl to disable the interface for those who are > > concerned about the metadata information leak. But for most of us I > > want that data right when it happens, where it happens, so It can be > > exposed, used, and acted upon by the admin trying to troubleshoot why > > the shit just hit the fan. > > How on earth is your webadmin supposed to match the failure > of a system call with the content of /proc/8675309/whydiditfail > at the time of the failure? It's not like he's going to go into > the apache source and add code to look at what's there. > > Unfortunately, what you probably need is an interface that gives > the program access to the audit records it has generated. The first thought was wanting to add it by default to perror/strerror in libc, but libc guys didn't think it reasonable since it couldn't be save/restored across calls, like errno. Instead I hope for a libc function, something like char *get_extended_error_info(void), which outputs a localized string based on the information in the /proc interface. Programs like httpd would need to be changed to use this function when logging denials. Programs like python would use this interface to populate additional information in the exception they pass up the stack. I agree that something access to the audit record is appropriate. It's sorta like what I'm proposing. But audit is not really useful here. It doesn't collect information about any denial other than LSM. And the number of DAC or capabilities denials on a normally operating box is, I expect, quite large. Thus we can't pump them all into audit just on the unlikely chance something cares. Setting a couple of ints is cheap. Audit is really nice for people will well defined security goals and information retention and analysis purposes, but it kinda completely sucks butt for a normal sysadmin or developer... -Eric -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists