| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 10 Mar 2015 10:47:22 -0500 (CDT) From: Christoph Lameter <cl@...ux.com> To: "Andrew G. Morgan" <morgan@...nel.org> cc: "Serge E. Hallyn" <serge@...lyn.com>, LSM List <linux-security-module@...r.kernel.org>, Serge Hallyn <serge.hallyn@...onical.com>, Michael Kerrisk <mtk.manpages@...il.com>, Jonathan Corbet <corbet@....net>, Linux API <linux-api@...r.kernel.org>, Mimi Zohar <zohar@...ux.vnet.ibm.com>, Aaron Jones <aaronmdjones@...il.com>, Andy Lutomirski <luto@...capital.net>, Austin S Hemmelgarn <ahferroin7@...il.com>, Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>, Andrew Morton <akpm@...uxfoundation.org>, Markku Savela <msa@...h.iki.fi>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org> Subject: Re: [PATCH] capabilities: Ambient capability set V2 On Mon, 9 Mar 2015, Andrew G. Morgan wrote: > If this is new info, perhaps you might reconsider the rationale for your > patch? I suspect you are focused on addressing a problem that you felt was > unaddressed before, but given how much appears to have been unclear to you > about the current implementation it might be worth a pause for thought. The problems with unclear documentation and a weird counterintuitive implementation that lots of people have trouble to use do not impact the approach as far as I can tell. The discovery about how to set inheritable bits does not help with the use cases here. Even with this patch there is still the need to write a wrapper to get the functionality that one would expect to just be possible by setting inheritable bits on a file. The necessity to set the bits via prctl in the wrapper complicates matters further and makes it even more difficult than we thought before to make use of this feature. > http://ols.fedoraproject.org/OLS/Reprints-2008/hallyn-reprint.pdf Well maybe one should make sure that this info is properly comunicated in the man pages and related documentation? This seems to be a big decade old desaster. I need a Ph.D. in capabilities in order to attempt to use them (but then oww no they still are not able to handle my use cases). We get security through obscurity and also have then the inabilty to make effective use of capabilities? Security measures need to follow basic conventions, be obvious and easily understandable as well as well documented. There is a huge risk of a sysadmin misconfiguring one of the multiple measures that one needs to go through in order to gain some sort of inheritance of capabilities and thereby adding more functionality than necessary just in order to get it to work. The best measure would be to make the inheritance bits work as one would naturally expect. They just allow full inheritance of the caps. No wrappers needed and its easily understood what it does. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists