Message-ID: <CAHC9VhSKmqn5wxF3BZ67Z+-CV7sZzdnO+JODq48rZJ4WAe8ULA@mail.gmail.com>
Date: Mon, 8 Aug 2022 15:49:48 -0400
From: Paul Moore <paul@...l-moore.com>
To: "Eric W. Biederman" <ebiederm@...ssion.com>
Cc: Frederick Lawler <fred@...udflare.com>, kpsingh@...nel.org,
revest@...omium.org, jackmanb@...omium.org, ast@...nel.org,
daniel@...earbox.net, andrii@...nel.org, kafai@...com,
songliubraving@...com, yhs@...com, john.fastabend@...il.com,
jmorris@...ei.org, serge@...lyn.com,
stephen.smalley.work@...il.com, eparis@...isplace.org,
shuah@...nel.org, brauner@...nel.org, casey@...aufler-ca.com,
bpf@...r.kernel.org, linux-security-module@...r.kernel.org,
selinux@...r.kernel.org, linux-kselftest@...r.kernel.org,
linux-kernel@...r.kernel.org, netdev@...r.kernel.org,
kernel-team@...udflare.com, cgzones@...glemail.com,
karl@...badwolfsecurity.com
Subject: Re: [PATCH v4 0/4] Introduce security_create_user_ns()
On Mon, Aug 8, 2022 at 3:26 PM Eric W. Biederman <ebiederm@...ssion.com> wrote:
> Paul Moore <paul@...l-moore.com> writes:
> >> I did provide constructive feedback. My feedback to his problem
> >> was to address the real problem of bugs in the kernel.
> >
> > We've heard from several people who have use cases which require
> > adding LSM-level access controls and observability to user namespace
> > creation. This is the problem we are trying to solve here; if you do
> > not like the approach proposed in this patchset please suggest another
> > implementation that allows LSMs visibility into user namespace
> > creation.
>
> Please stop ignoring my feedback, not detailing what problem or
> problems you are actually trying to solve, and threatening to merge
> code into files that I maintain that has the express purpose of breaking
> my users.
I've heard you talk about bugs being the only reason why people would
want to ever block user namespaces, but I think we've all seen use
cases now where it goes beyond that. However, even if it didn't, the
need to build high confidence/assurance systems where big chunks of
functionality can be disabled based on a security policy is a very
real use case, and this patchset would help enable that. I've noticed
you like to talk about these hooks being a source of "regressions",
but access controls are not regressions Eric, they are tools that
system builders, administrators, and users use to secure their
systems.
From my perspective, I believe that addresses your feedback around
"fix the bugs" and "this is a regression", which is the only thing
I've noted from your responses in this thread and others, but if I'm
missing something more technical please let me/us know.
> You just artificially constrained the problems, so that no other
> solution is acceptable.
There is a real need to be able to gain both additional visibility and
access control over user namespace creation, please suggest the
approach(es) you would find acceptable.
> On that basis alone I object to this whole
> approach to steamroll over me and my code.
I saw that choice of wording in your last email and thought it a bit
curious, so I did a quick git log dump on kernel/user_namespace.c and
I see approximately 31 contributors to that one file. I've always
thought of the open source maintainer role as more of a "steward" and
less of an "owner", but that's just my opinion.
--
paul-moore.com