lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <128e6282-8fa5-0d4b-62f2-0d7408b0d184@gmail.com>
Date:   Wed, 13 Nov 2019 17:28:52 +0200
From:   Topi Miettinen <toiwoton@...il.com>
To:     "Eric W. Biederman" <ebiederm@...ssion.com>,
        Kees Cook <keescook@...omium.org>
Cc:     Luis Chamberlain <mcgrof@...nel.org>,
        Alexey Dobriyan <adobriyan@...il.com>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "open list:FILESYSTEMS (VFS and infrastructure)" 
        <linux-fsdevel@...r.kernel.org>
Subject: Re: [PATCH] proc: Allow restricting permissions in /proc/sys

On 13.11.2019 16.52, Eric W. Biederman wrote:
> Kees Cook <keescook@...omium.org> writes:
> 
>> Ah! I see the v2 here now. :) Can you please include that in your
>> Subject next time, as "[PATCH v2] proc: Allow restricting permissions
>> in /proc/sys"? Also, can you adjust your MUA to not send a duplicate
>> attachment? The patch inline is fine.
>>
>> Please CC akpm as well, since I think this should likely go through the
>> -mm tree.
>>
>> Eric, do you have any other thoughts on this?
> 
> This works seems to be a cousin of having a proc that is safe for
> containers.
> 
> Which leads to the whole mess that hide_pid is broken in proc last I
> looked.
> 
> So my sense is that what we want to do is not allow changing the
> permissions but to sort through what it will take to provide actual
> mount options to proc (that are per mount).  Thus removing the sharing
> that is (currently?) breaking the hide_pid option.
> 
> With such an infrastructure in place we can provide a mount option
> (possibly default on when mounted by non-root) that keeps anything that
> unprivileged users don't need out of proc.  Which is likely to be most
> things except the pid files.
> 
> It is something I probably should be working on, but I got derailed
> by the disaster that has that happened with mounting.    Even after
> I gave code review and showed them how to avoid it the new mount api
> is still not possible to use safely.

Are you perhaps referring to proc modernization patch set:

https://lkml.org/lkml/2018/5/11/155

Getting that reviewed and committed would be awesome!

-Topi

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ