lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sat, 25 Apr 2015 02:45:36 +0000 From: Serge Hallyn <serge.hallyn@...ntu.com> To: Andy Lutomirski <luto@...capital.net> Cc: "Serge E. Hallyn" <serge@...lyn.com>, Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>, Ted Ts'o <tytso@....edu>, "Andrew G. Morgan" <morgan@...nel.org>, Andrew Morton <akpm@...uxfoundation.org>, Michael Kerrisk <mtk.manpages@...il.com>, Mimi Zohar <zohar@...ux.vnet.ibm.com>, Linux API <linux-api@...r.kernel.org>, Austin S Hemmelgarn <ahferroin7@...il.com>, linux-security-module <linux-security-module@...r.kernel.org>, Aaron Jones <aaronmdjones@...il.com>, Christoph Lameter <cl@...ux.com>, LKML <linux-kernel@...r.kernel.org>, Serge Hallyn <serge.hallyn@...onical.com>, Markku Savela <msa@...h.iki.fi>, Kees Cook <keescook@...omium.org>, Jonathan Corbet <corbet@....net> Subject: Re: [RFC] capabilities: Ambient capabilities Quoting Andy Lutomirski (luto@...capital.net): > On Apr 24, 2015 2:15 PM, "Serge E. Hallyn" <serge@...lyn.com> wrote: > > > > On Fri, Apr 24, 2015 at 01:18:44PM -0700, Andy Lutomirski wrote: > > > On Fri, Apr 24, 2015 at 1:13 PM, Christoph Lameter <cl@...ux.com> wrote: > > > > On Fri, 24 Apr 2015, Andy Lutomirski wrote: > > > > > > > >> That's sort of what my patch does -- you need CAP_SETPCAP to switch > > > >> the securebit. > > > >> > > > >> But Christoph's patch required it to add caps to the ambient set, right? > > > > > > > > Yes but you seem to be just adding one additional step without too much of > > > > a benefit because you still need CAP_SETPCAP. > > > > > > > > > > No, because I set the default to on :) > > > > Right - I definately prefer > > > > . default off > > . CAP_SETPCAP required to turn it on (for self and children) > > . once on, anyone can copy bits from (whatever we decided) to pA. > > > > Why default off? If there's some weird reason that switching it on > could cause a security problem, then I'd agree, but I haven't spotted > a reason yet. Cause it's less scary? I'll just wait for the new patchset :) -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists