Message-id: <000001d0c80b$55bdec50$0139c4f0$@samsung.com>
Date: Mon, 27 Jul 2015 10:27:00 +0900
From: Sungbae Yoo <sungbae.yoo@...sung.com>
To: 'Lukasz Pawelczyk' <l.pawelczyk@...sung.com>,
'Casey Schaufler' <casey@...aufler-ca.com>
Cc: 'James Morris' <james.l.morris@...cle.com>,
"'Serge E. Hallyn'" <serge@...lyn.com>,
linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: RE: [PATCH] Smack: replace capable() with ns_capable()
So, do you agree to allow the process to change its own labels?
Now, the init process (e.g. systemd) can't run properly in a user namespace
because it can't assign a Smack label to a service.
If you agree, I'll upload another patch limited to this.
-----Original Message-----
From: Lukasz Pawelczyk [mailto:l.pawelczyk@...sung.com]
Sent: Friday, July 24, 2015 8:41 PM
To: Sungbae Yoo; Casey Schaufler
Cc: James Morris; Serge E. Hallyn; linux-security-module@...r.kernel.org; linux-kernel@...r.kernel.org
Subject: Re: [PATCH] Smack: replace capable() with ns_capable()
On Fri, 2015-07-24 at 20:26 +0900, Sungbae Yoo wrote:
> If current task has capabilities, Smack operations (eg. Changing own smack
> label) should be available even inside of namespace.
>
> Signed-off-by: Sungbae Yoo <sungbae.yoo@...sung.com>
>
> diff --git a/security/smack/smack_access.c
> b/security/smack/smack_access.c index 00f6b38..f6b2c35 100644
> --- a/security/smack/smack_access.c
> +++ b/security/smack/smack_access.c
> @@ -639,7 +639,7 @@ int smack_privileged(int cap)
> struct smack_known *skp = smk_of_current();
> struct smack_onlycap *sop;
>
> - if (!capable(cap))
> + if (!ns_capable(current_user_ns(), cap))
> return 0;
It's not that easy.
With this change Smack becomes completely insecure. You can change rules as an unprivileged user without any problems now.
What you want is Smack namespace that was made to remedy exactly this issue (e.g. changing own labels inside a namespace).
>
> rcu_read_lock();
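Review bot: in smack_privileged(), `ns_capable(current_user_ns(), cap)` tests the capability against the caller's own user namespace, and a task that creates a new user namespace holds a full capability set inside it, so the check no longer requires any privilege granted in the initial namespace. The helper takes an arbitrary cap, so the relaxation applies to every caller of smack_privileged(), not only the own-label case named in the commit message. Suggest keeping `capable(cap)` here and, if changing a task's own label inside a namespace is the goal, handling that one path separately with its own constraints.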
> diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
> index a143328..7fdc3dd 100644
> --- a/security/smack/smack_lsm.c
> +++ b/security/smack/smack_lsm.c
> @@ -403,7 +403,8 @@ static int smk_ptrace_rule_check(struct
> task_struct *tracer,
> rc = 0;
> else if (smack_ptrace_rule ==
> SMACK_PTRACE_DRACONIAN)
> rc = -EACCES;
> - else if (capable(CAP_SYS_PTRACE))
> + else if (ns_capable(__task_cred(tracer)->user_ns,
> + CAP_SYS_PTRACE))
> rc = 0;
> else
> rc = -EACCES;
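Review bot: in smk_ptrace_rule_check(), ns_capable() evaluates the current task's credentials while the namespace passed in is taken from tracer's cred, so when tracer is not current the check mixes two subjects, and in either case the namespace is the tracer's own rather than the tracee's. A tracer that holds CAP_SYS_PTRACE only inside a user namespace it created would satisfy `ns_capable(__task_cred(tracer)->user_ns, CAP_SYS_PTRACE)` regardless of which namespace the tracee lives in. Suggest checking against the tracee's user namespace or leaving capable() in place, and confirming that the __task_cred() dereference is covered by rcu_read_lock() at this point, which the hunk does not show.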
--
Lukasz Pawelczyk
Samsung R&D Institute Poland
Samsung Electronics