| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 28 Jan 2021 14:49:35 -0600
From: ebiederm@...ssion.com (Eric W. Biederman)
To: Miklos Szeredi <miklos@...redi.hu>
Cc: "Serge E. Hallyn" <serge@...lyn.com>,
Miklos Szeredi <mszeredi@...hat.com>,
linux-fsdevel@...r.kernel.org,
overlayfs <linux-unionfs@...r.kernel.org>,
LSM <linux-security-module@...r.kernel.org>,
linux-kernel@...r.kernel.org,
Christian Brauner <christian.brauner@...ntu.com>
Subject: Re: [PATCH 2/2] security.capability: fix conversions on getxattr
Miklos Szeredi <miklos@...redi.hu> writes:
> On Thu, Jan 28, 2021 at 9:24 PM Eric W. Biederman <ebiederm@...ssion.com> wrote:
>
>> <aside>
>> From our previous discussions I would also argue it would be good
>> if there was a bypass that skipped all conversions if the reader
>> and the filesystem are in the same user namespace.
>> </aside>
>
> That's however just an optimization (AFAICS) that only makes sense if
> it helps a read world workload. I'm not convinced that that's the
> case.
It is definitely a different issue.
>From previous conversations with Serge, there is a concern with a
sysadmin wanting to see what is actually on disk. In case there are
bugs that care about the different layout. Just passing everything
through when no translation is necessary will allow that kind of
diagnosis.
As your patch demonstrates we already have had bugs in this area
so being able to get at the raw data may help people if they get into a
situation where bugs matter.
Eric
Powered by blists - more mailing lists