lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 22 May 2020 11:02:28 -0700 From: Andrei Vagin <avagin@...il.com> To: Christian Brauner <christian.brauner@...ntu.com> Cc: Adrian Reber <areber@...hat.com>, Eric Biederman <ebiederm@...ssion.com>, Pavel Emelyanov <ovzxemul@...il.com>, Oleg Nesterov <oleg@...hat.com>, Dmitry Safonov <0x7f454c46@...il.com>, Nicolas Viennot <Nicolas.Viennot@...sigma.com>, Michał Cłapiński <mclapinski@...gle.com>, Kamil Yurtsever <kyurtsever@...gle.com>, Dirk Petersen <dipeit@...il.com>, Christine Flood <chf@...hat.com>, Mike Rapoport <rppt@...ux.ibm.com>, Radostin Stoyanov <rstoyanov1@...il.com>, Cyrill Gorcunov <gorcunov@...nvz.org>, Serge Hallyn <serge@...lyn.com>, Stephen Smalley <stephen.smalley.work@...il.com>, Sargun Dhillon <sargun@...gun.me>, Arnd Bergmann <arnd@...db.de>, Aaron Goidel <acgoide@...ho.nsa.gov>, linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org, selinux@...r.kernel.org, Eric Paris <eparis@...isplace.org>, Jann Horn <jannh@...gle.com> Subject: Re: [PATCH] capabilities: Introduce CAP_RESTORE On Fri, May 22, 2020 at 09:53:31AM +0200, Christian Brauner wrote: > On Fri, May 22, 2020 at 07:53:50AM +0200, Adrian Reber wrote: > > > > There are probably a few more things guarded by CAP_SYS_ADMIN required > > to run checkpoint/restore as non-root, but by applying this patch I can > > already checkpoint and restore processes as non-root. As there are > > already multiple workarounds I would prefer to do it correctly in the > > kernel to avoid that CRIU users are starting to invent more workarounds. > > It sounds ok to me as long as this feature is guarded by any sensible > capability. I don't want users to be able to randomly choose their pid > without any capability required. > > We've heard the plea for unprivileged checkpoint/restore through the > grapevine and a few times about CAP_RESTORE at plumbers but it's one of > those cases where nobody pushed for it so it's urgency was questionable. > This is 5.9 material though and could you please add selftests? > > It also seems you have future changes planned that would make certain > things accessible via CAP_RESTORE that are currently guarded by other > capabilities. Any specific things in mind? It might be worth knowing > what we'd be getting ourselves into if you're planning on flipping > switches in other places. /proc/pid/map_files is one of the first candidate what we need to think about. CRIU opens files from /proc/pid/map_files to dump file mappings, shared memory mappings, memfd files. Right now, it is impossible to open these files without CAP_SYS_ADMIN in the root user-namespace (proc_map_files_get_link).
Powered by blists - more mailing lists