| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 3 Oct 2018 05:20:31 +1000 (AEST)
From: James Morris <jmorris@...ei.org>
To: Dave Chinner <david@...morbit.com>
cc: "Darrick J. Wong" <darrick.wong@...cle.com>,
Alan Cox <gnomes@...rguk.ukuu.org.uk>,
TongZhang <ztong@...edu>, linux-xfs@...r.kernel.org,
LKML <linux-kernel@...r.kernel.org>,
linux-security-module@...r.kernel.org,
Wenbo Shen <shenwenbosmile@...il.com>,
Stephen Smalley <sds@...ho.nsa.gov>,
Paul Moore <paul@...l-moore.com>
Subject: Re: Leaking Path in XFS's ioctl interface(missing LSM check)
On Tue, 2 Oct 2018, Dave Chinner wrote:
> On Tue, Oct 02, 2018 at 06:08:16AM +1000, James Morris wrote:
> > On Mon, 1 Oct 2018, Darrick J. Wong wrote:
> >
> > > If we /did/ replace CAP_SYS_ADMIN checking with a pile of LSM hooks,
> >
> > Not sure we'd need a pile of hooks, what about just "read" and "write"
> > storage admin?
> >
> > Or even two new capabilities along these lines, which we convert existing
> > CAP_SYS_ADMIN etc. to?
>
> So instead of having hundreds of management ioctls under
> CAP_SYS_ADMIN, we'd now have hundreds of non-storage ioctls under
> CAP_SYS_ADMIN and hundreds of storage ioctls under
> CAP_SYS_STORAGE_ADMIN?
>
> Maybe I'm missing something, but I don't see how that improves the
> situation w.r.t. locked down LSM configurations?
I'm not sure about capabilities, but having two specific LSM hooks for
storage admin would allow SELinux et al to explicitly control privileged
access to these interfaces. Storage admin seems to be a special case of
its own which we want to be able to mediate as such.
--
James Morris
<jmorris@...ei.org>
Powered by blists - more mailing lists