lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <a45b06e9-cc7a-289a-a2ac-cd06f15386be@redhat.com>
Date:   Wed, 3 Jan 2018 09:34:08 -0800
From:   Laura Abbott <labbott@...hat.com>
To:     Kees Cook <keescook@...omium.org>,
        Tom Horsley <horsley1953@...il.com>
Cc:     "Serge E. Hallyn" <serge@...lyn.com>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        David Howells <dhowells@...hat.com>,
        James Morris <james.l.morris@...cle.com>,
        LKML <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] exec: Weaken dumpability for secureexec

On 01/03/2018 09:21 AM, Kees Cook wrote:
> On Wed, Jan 3, 2018 at 4:11 AM, Tom Horsley <horsley1953@...il.com> wrote:
>> On Wed, 3 Jan 2018 01:04:44 -0600
>> Serge E. Hallyn wrote:
>>
>>>> This weakens dumpability back to checking only for uid/gid changes in
>>>> current (which is useless), but userspace depends on dumpability not
>>>> being tied to secureexec.
>>>>
>>>> https://bugzilla.redhat.com/show_bug.cgi?id=1528633
>>>>
>>>> Reported-by: Tom Horsley <horsley1953@...il.com>
>>>
>>> Seems right, any chance we could get a tested-by: Tom?  (Did we already
>>> get that?)
>>
>> I didn't test it myself, but all I'd do is run the test program
>> I've attached to the bugzilla above which is trivial compared
>> to be learning how to patch and build kernels. So it would be
>> much simpler for someone with the kernel already built to
>> extract the tarball and type make :-).
> 
> This is what I did to verify it. Thank you very much for the test case!
> 
> -Kees
> 

I ran the test case again and can confirm that it works. I didn't
get a chance to try the other test case I reported (coredumping
systemd units) but I pointed the reporter to the patch.

Thanks,
Laura

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ