| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20171021134558.21195-1-nicolas@belouin.fr>
Date: Sat, 21 Oct 2017 15:45:57 +0200
From: Nicolas Belouin <nicolas@...ouin.fr>
To: Jan Kara <jack@...e.com>, "Theodore Ts'o" <tytso@....edu>,
Andreas Dilger <adilger.kernel@...ger.ca>,
Jaegeuk Kim <jaegeuk@...nel.org>, Chao Yu <yuchao0@...wei.com>,
David Woodhouse <dwmw2@...radead.org>,
Dave Kleikamp <shaggy@...nel.org>,
Mark Fasheh <mfasheh@...sity.com>,
Joel Becker <jlbec@...lplan.org>,
Miklos Szeredi <miklos@...redi.hu>,
Phillip Lougher <phillip@...ashfs.org.uk>,
Richard Weinberger <richard@....at>,
Artem Bityutskiy <dedekind1@...il.com>,
Adrian Hunter <adrian.hunter@...el.com>,
Alexander Viro <viro@...iv.linux.org.uk>,
Serge Hallyn <serge@...lyn.com>,
Paul Moore <paul@...l-moore.com>,
Stephen Smalley <sds@...ho.nsa.gov>,
Eric Paris <eparis@...isplace.org>,
James Morris <james.l.morris@...cle.com>,
linux-ext4@...r.kernel.org, linux-kernel@...r.kernel.org,
linux-f2fs-devel@...ts.sourceforge.net,
linux-fsdevel@...r.kernel.org, linux-mtd@...ts.infradead.org,
jfs-discussion@...ts.sourceforge.net, ocfs2-devel@....oracle.com,
linux-unionfs@...r.kernel.org, reiserfs-devel@...r.kernel.org,
linux-security-module@...r.kernel.org, selinux@...ho.nsa.gov,
linux-api@...r.kernel.org, kernel-hardening@...ts.openwall.com
Cc: Nicolas Belouin <nicolas@...ouin.fr>
Subject: [RFC PATCH 1/2] security, capabilities: create CAP_TRUSTED
with CAP_SYS_ADMIN being bloated, the usefulness of using it to
flag a process to be entrusted for e.g reading and writing trusted
xattr is near zero.
CAP_TRUSTED aims to provide userland with a way to mark a process as
entrusted to do specific (not specially admin-centered) actions. It
would for example allow a process to red/write the trusted xattrs.
Signed-off-by: Nicolas Belouin <nicolas@...ouin.fr>
---
include/uapi/linux/capability.h | 6 +++++-
security/selinux/include/classmap.h | 5 +++--
2 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/include/uapi/linux/capability.h b/include/uapi/linux/capability.h
index ce230aa6d928..27e457b93c84 100644
--- a/include/uapi/linux/capability.h
+++ b/include/uapi/linux/capability.h
@@ -369,7 +369,11 @@ struct vfs_ns_cap_data {
#define CAP_SYS_MOUNT 38
-#define CAP_LAST_CAP CAP_SYS_MOUNT
+/* Allow read/write trusted xattr */
+
+#define CAP_TRUSTED 39
+
+#define CAP_LAST_CAP CAP_TRUSTED
#define cap_valid(x) ((x) >= 0 && (x) <= CAP_LAST_CAP)
diff --git a/security/selinux/include/classmap.h b/security/selinux/include/classmap.h
index a873dce97fd5..f5dc8e109f5a 100644
--- a/security/selinux/include/classmap.h
+++ b/security/selinux/include/classmap.h
@@ -24,9 +24,10 @@
"audit_control", "setfcap"
#define COMMON_CAP2_PERMS "mac_override", "mac_admin", "syslog", \
- "wake_alarm", "block_suspend", "audit_read", "sys_mount"
+ "wake_alarm", "block_suspend", "audit_read", "sys_mount", \
+ "trusted"
-#if CAP_LAST_CAP > CAP_SYS_MOUNT
+#if CAP_LAST_CAP > CAP_TRUSTED
#error New capability defined, please update COMMON_CAP2_PERMS.
#endif
--
2.14.2
Powered by blists - more mailing lists