lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 18 Feb 2016 19:59:48 +0800
From:	Zhao Lei <zhaolei@...fujitsu.com>
To:	'Mateusz Guzik' <mguzik@...hat.com>,
	"'Eric W. Biederman'" <ebiederm@...ssion.com>
CC:	<containers@...ts.linux-foundation.org>,
	<linux-kernel@...r.kernel.org>
Subject: RE: [PATCH] Make core_pattern support namespace

Hi, Mateusz Guzik

> -----Original Message-----
> From: Mateusz Guzik [mailto:mguzik@...hat.com]
> Sent: Thursday, February 18, 2016 4:54 AM
> To: Eric W. Biederman <ebiederm@...ssion.com>
> Cc: Zhao Lei <zhaolei@...fujitsu.com>; containers@...ts.linux-foundation.org;
> linux-kernel@...r.kernel.org
> Subject: Re: [PATCH] Make core_pattern support namespace
> 
> On Wed, Feb 17, 2016 at 02:15:24PM -0600, Eric W. Biederman wrote:
> > Mateusz Guzik <mguzik@...hat.com> writes:
> > > On Tue, Feb 16, 2016 at 07:33:39PM +0800, Zhao Lei wrote:
> > >> For container based on namespace design, it is good to allow
> > >> each container keeping their own coredump setting.
> > >
> > > Sorry if this is a false alarm, I don't have easy means to test it, but
> > > is not this an immediate privilege escalation?
> >
> > It is.  This is why we do not currently have a per namespace setting.
> >
> 
> Thanks for confimation.
> 
> > Solving the user mode helper problem is technically a fair amount of
> > work, if not theoretically challenging.
> >
> 
> Well, I would say custom core_patterns without pipe support are still
> better than none.
> 
+1.

> Say one would ensure a stable core_pattern (i.e. that it cannot be
> modified as it is being parsed) and a restricted set of allowed
> characters in the pattern (which would not include the pipe), validated
> when one attempts to set the pattern.
> 
> Does this sound acceptable? If so, and there are no counter ideas from
> Lei, I can get around to that.
> 
If we can let kernel select pipe_program in vm's filesystem, and run
pipe_program with vm's filesystem, set a pipe for core_patterm in vm
will be safe.
What is your opinion on above solution?

If above way is not acceptable, or impossible to realize, I also
agree your solution of limit vm setting pipe.

Thanks
Zhaolei

> --
> Mateusz Guzik

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ