| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 6 Sep 2021 16:56:44 +0200
From: Miklos Szeredi <miklos@...redi.hu>
To: "Dr. David Alan Gilbert" <dgilbert@...hat.com>
Cc: Andreas Gruenbacher <agruenba@...hat.com>,
Vivek Goyal <vgoyal@...hat.com>,
Alexander Viro <viro@...iv.linux.org.uk>,
linux-fsdevel <linux-fsdevel@...r.kernel.org>,
LKML <linux-kernel@...r.kernel.org>,
virtio-fs-list <virtio-fs@...hat.com>,
Daniel J Walsh <dwalsh@...hat.com>,
Christian Brauner <christian.brauner@...ntu.com>,
casey.schaufler@...el.com,
LSM <linux-security-module@...r.kernel.org>,
SElinux list <selinux@...r.kernel.org>,
"Theodore Ts'o" <tytso@....edu>,
Giuseppe Scrivano <gscrivan@...hat.com>,
"Fields, Bruce" <bfields@...hat.com>,
Stephen Smalley <stephen.smalley.work@...il.com>,
Dave Chinner <david@...morbit.com>,
"Eric W. Biederman" <ebiederm@...ssion.com>
Subject: Re: [PATCH v3 0/1] Relax restrictions on user.* xattr
On Mon, 6 Sept 2021 at 16:39, Dr. David Alan Gilbert
<dgilbert@...hat.com> wrote:
> IMHO the real problem here is that the user/trusted/system/security
> 'namespaces' are arbitrary hacks rather than a proper namespacing
> mechanism that allows you to create new (nested) namespaces and associate
> permissions with each one.
Indeed.
This is what Eric Biederman suggested at some point for supporting
trusted xattrs within a user namespace:
| For trusted xattrs I think it makes sense in principle. The namespace
| would probably become something like "trusted<ns-root-uid>.".
Theory sounds simple enough. Anyone interested in looking at the details?
Thanks,
Miklos
Powered by blists - more mailing lists