Message-ID: <20140429230624.GA28966@thunk.org>
Date:	Tue, 29 Apr 2014 19:06:24 -0400
From:	Theodore Ts'o <tytso@....edu>
To:	Andy Lutomirski <luto@...capital.net>
Cc:	Serge Hallyn <serge.hallyn@...ntu.com>, Marian Marinov <mm@...com>,
	containers@...ts.linux-foundation.org,
	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
	lxc-devel <lxc-devel@...ts.sourceforge.net>
Subject: Re: ioctl CAP_LINUX_IMMUTABLE is checked in the wrong namespace

On Tue, Apr 29, 2014 at 03:45:24PM -0700, Andy Lutomirski wrote:
> 
> Wait, what?
> 
> Inodes aren't owned by user namespaces; they're owned by users.  And any
> user can arrange to have a user namespace in which they pass an
> inode_capable check on any inode that they own.
> 
> Presumably there's a reason that CAP_SYS_IMMUTABLE is needed.  If this
> gets merged, then it would be better to just drop CAP_SYS_IMMUTABLE
> entirely.
> 
> Nacked-by: Andy Lutomirski <luto@...capital.net>

Right, but you can't set a mapping in a child namespace unless you
have CAP_SETUID in the parent namespace, right?  Otherwise user
namespaces are completely broken from a security perspective, since
inode_capable() could never do the right thing.

Personally, reading how user namespaces work, it makes the hair rise
on the back of my neck.  I'm not sure the concept works at all from a
security perspective, but hey, I'm not using user namespaces, and some
fool thought it was worth merging.  :-)

						- Ted
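The two rules this exchange turns on can be observed directly. The program below is an added example, not code from the thread or from the kernel: run as an ordinary user, it unshares a user namespace, shows that a uid_map entry for any uid other than the caller's own is refused (that is the CAP_SETUID-in-the-parent-namespace requirement Ted relies on), then tries FS_IOC_SETFLAGS with FS_IMMUTABLE_FL on a file it owns and gets EPERM, because CAP_LINUX_IMMUTABLE is checked against the initial namespace rather than via inode_capable() (the check Andy objects to relaxing). The scratch path is hypothetical; the flag needs a filesystem that supports it, such as ext4.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <linux/fs.h>
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <sys/ioctl.h>
#include <unistd.h>

/* Write one mapping line into /proc/self/uid_map. Returns 0 or errno. */
int write_uid_map(const char *line)
{
    int fd = open("/proc/self/uid_map", O_WRONLY);
    if (fd < 0)
        return errno;
    int rc = (write(fd, line, strlen(line)) < 0) ? errno : 0;
    close(fd);
    return rc;
}

/* Try to set FS_IMMUTABLE_FL (chattr +i) on fd. Returns 0 or errno. */
int try_set_immutable(int fd)
{
    int flags = 0;
    if (ioctl(fd, FS_IOC_GETFLAGS, &flags) < 0)
        return errno;
    flags |= FS_IMMUTABLE_FL;
    return (ioctl(fd, FS_IOC_SETFLAGS, &flags) < 0) ? errno : 0;
}

int main(void)
{
    const char *path = "/tmp/userns-immutable-demo"; /* hypothetical scratch file */
    char line[64];
    unsigned uid = (unsigned)getuid();
    int fd = open(path, O_RDWR | O_CREAT, 0600);
    if (fd < 0 || unshare(CLONE_NEWUSER) < 0) { perror("setup"); return 1; }
    /* Mapping a uid we do not own (0 here) needs CAP_SETUID in the parent ns: EPERM. */
    printf("map 0 -> parent 0:   %s\n", strerror(write_uid_map("0 0 1\n")));
    /* Mapping only our own uid is permitted without any capability at all. */
    snprintf(line, sizeof line, "0 %u 1\n", uid);
    printf("map 0 -> parent %u: %s\n", uid, strerror(write_uid_map(line)));
    /* We are now "root" in the child ns, yet CAP_LINUX_IMMUTABLE is checked in the initial ns: EPERM. */
    printf("FS_IOC_SETFLAGS +immutable on our own file: %s\n", strerror(try_set_immutable(fd)));
    close(fd);
    unlink(path);
    return 0;
}
```

If the last line prints "Success" you ran it as real root; clear the flag with `chattr -i` before removing the file.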


