lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <87lhhv36je.fsf@x220.int.ebiederm.org>
Date:	Mon, 13 Apr 2015 19:19:49 -0500
From:	ebiederm@...ssion.com (Eric W. Biederman)
To:	Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc:	Linus Torvalds <torvalds@...ux-foundation.org>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Arnd Bergmann <arnd@...db.de>, gnomes@...rguk.ukuu.org.uk,
	teg@...m.no, jkosina@...e.cz, luto@...capital.net,
	linux-kernel@...r.kernel.org, daniel@...que.org,
	dh.herrmann@...il.com, tixxdz@...ndz.org
Subject: Re: [GIT PULL] kdbus for 4.1-rc1

ebiederm@...ssion.com (Eric W. Biederman) writes:

> Greg Kroah-Hartman <gregkh@...uxfoundation.org> writes:
>
>> The following changes since commit 9eccca0843205f87c00404b663188b88eb248051:
>>
>>   Linux 4.0-rc3 (2015-03-08 16:09:09 -0700)
>>
>> are available in the git repository at:
>>
>>   git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git/ tags/kdbus-4.1-rc1
>>
>> for you to fetch changes up to 9fb9cd0f4434a23487b6ef3237e733afae90e336:
>>
>>   kdbus: avoid the use of struct timespec (2015-04-10 14:34:53 +0200)
>>
>> ----------------------------------------------------------------
>> kdbus for 4.1-rc1
>>
>> Here's the kdbus pull request for 4.1-rc1.
>>
>> It's been under development for many years now, and been in linux-next
>> for many months, and has undergone loads of testing a review and even a few
>> good arguments.  It comes with full documentation and tests.
>
>> There has been a few complaints about the code, notably from people who
>> don't like the use of metadata in the bus messages.  That is actually
>> one of the main features here, as we can get this data in a secure and
>> reliable way, and it's something that userspace requires today.  So
>> while it does look "odd" to people who are not familiar with dbus, this
>> is something that finally fixes a number of almost unfixable races in
>> the current dbus implementations.
>
> And the code that transfers the meta-data is wrong.

In fact it is worse than I thought.

With an userspace application able to give meaning to any of the bits of
meta-data that are passed (capabilities, cgroup, security labels, etc)
that in the fullness of time dropping in them will grant you more
permissions somewhere.

Which means that it becomes impossible to change anything.  Impossible
to jail anything.  It in fact becomes impossible to do anything right.

Which means the ultimate result of the direction kdbus is going is a
world where nothing can be done without introducing a security issue or
breaking userspace.

So as far as I can tell kdbus has a fundamental design flaw.

My apologies for being the bearer of bad news.

Eric

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ