| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 20 Mar 2013 14:50:59 +0000 From: Matthew Garrett <matthew.garrett@...ula.com> To: Vivek Goyal <vgoyal@...hat.com> CC: James Morris <jmorris@...ei.org>, Casey Schaufler <casey@...aufler-ca.com>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, "linux-security-module@...r.kernel.org" <linux-security-module@...r.kernel.org>, "zohar@...ux.vnet.ibm.com" <zohar@...ux.vnet.ibm.com>, "dmitry.kasatkin@...el.com" <dmitry.kasatkin@...el.com>, "akpm@...ux-foundation.org" <akpm@...ux-foundation.org>, "ebiederm@...ssion.com" <ebiederm@...ssion.com>, "serge@...lyn.com" <serge@...lyn.com>, "morgan@...nel.org" <morgan@...nel.org> Subject: Re: [PATCH 3/4] capability: Create a new capability CAP_SIGNED On Wed, 2013-03-20 at 10:41 -0400, Vivek Goyal wrote: > I am not sure why CAP_COMPROMISE_KERNEL(CAP_MODIFY_KERNEL) is any > different. When secureboot is enabled, kernel will take away that > capability from all the processes. So kernel became a decision maker > too whether processes have CAP_COMPROMISE_KERNEL or not based on > certain other factors like secureboot is enabled or not. No, that's a limited case. Outside of that, it's an access control capability in exactly the same way as CAP_SYS_RAWIO is. The easiest way to think of this is probably whether it ever makes sense for an arbitrary binary run as root to possess that capability. For CAP_COMPROMISE_KERNEL the answer is yes - for CAP_SIGNED, the answer is no. Just have a flag somewhere in the process structure that indicates whether it was signed. There's no need to use capabilities here. -- Matthew Garrett | mjg59@...f.ucam.org
Powered by blists - more mailing lists