| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 30 Nov 2018 10:19:43 -0800
From: Luis Chamberlain <mcgrof@...nel.org>
To: "Eric W. Biederman" <ebiederm@...ssion.com>
Cc: Radoslaw Burny <rburny@...gle.com>,
Seth Forshee <seth.forshee@...onical.com>,
Kees Cook <keescook@...omium.org>,
linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org,
jsperbeck@...gle.com
Subject: Re: [PATCH] fs: Make /proc/sys inodes be owned by global root.
On Fri, Nov 30, 2018 at 08:48:11AM -0600, Eric W. Biederman wrote:
> Luis Chamberlain <mcgrof@...nel.org> writes:
>
> > The logic seems sensible then, but are we implicating what a container
> > does with its sysctl values onto the entire system? If so, sure, it
> > seems you want this for networking purposes as there are a series of
> > sysctl values a container may want to muck with, but are we sure we
> > want the same for *all* sysctl entries?
>
> No. Please look at the patch again. It sets the default uid and gid
> for sysctl entries to 0. AKA GLOBAL_ROOT_UID and GLOBAL_ROOT_GID
> because there is a bug and they were not set to that value.
>
> Those are the uids and gids that are tested agasint. It just happens
> you have to be in a weird configuration for this bug to become a problem.
Thanks, then provided the commit lot is modified:
Acked-by: Luis Chamberlain <mcgrof@...nel.org>
Luis
Powered by blists - more mailing lists