Message-ID: <20160124015643.GA6601@pc.thejh.net>
Date: Sun, 24 Jan 2016 02:56:43 +0100
From: Jann Horn <jann@...jh.net>
To: Al Viro <viro@...IV.linux.org.uk>
Cc: "Eric W. Biederman" <ebiederm@...ssion.com>,
kernel-hardening@...ts.openwall.com,
Kees Cook <keescook@...omium.org>,
Andrew Morton <akpm@...ux-foundation.org>,
Richard Weinberger <richard@....at>,
Andy Lutomirski <luto@...capital.net>,
Robert Święcki <robert@...ecki.net>,
Dmitry Vyukov <dvyukov@...gle.com>,
David Howells <dhowells@...hat.com>,
Miklos Szeredi <mszeredi@...e.cz>,
Kostya Serebryany <kcc@...gle.com>,
Alexander Potapenko <glider@...gle.com>,
Eric Dumazet <edumazet@...gle.com>,
Sasha Levin <sasha.levin@...cle.com>,
linux-doc@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [kernel-hardening] Re: [PATCH 1/2] sysctl: expand use of
 proc_dointvec_minmax_sysadmin

On Sun, Jan 24, 2016 at 01:43:42AM +0000, Al Viro wrote:
> On Sat, Jan 23, 2016 at 07:20:17PM -0600, Eric W. Biederman wrote:
>
> > Yep. That is about the size of it. file * used to be passed to the
> > sysctl methods but it was removed several years ago because no one was
> > using it.
>
> Generally cred would be better...
> Alternatively we could eat one more
> pointer in task_struct and stash a reference to that sucker there, rather
> than adding an explicit argument (again, with cred instead of file).
> Not sure...

I think it makes sense to do this the same way as the rest of the VFS code
here (which passes the creds down through an argument).

And adding the arguments everywhere doesn't really mean more work - either
way, someone should probably go through all of those sysctl handlers and
fix them up to use the file creds.