| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 22 May 2023 23:18:46 -0700
From: Christoph Hellwig <hch@...radead.org>
To: Tianjia Zhang <tianjia.zhang@...ux.alibaba.com>
Cc: Serge Hallyn <serge@...lyn.com>, Paul Moore <paul@...l-moore.com>,
Stephen Smalley <stephen.smalley.work@...il.com>,
Eric Paris <eparis@...isplace.org>,
Frederick Lawler <fred@...udflare.com>,
Jens Axboe <axboe@...nel.dk>,
Joseph Qi <joseph.qi@...ux.alibaba.com>,
linux-security-module@...r.kernel.org, selinux@...r.kernel.org,
linux-block@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 0/2] capability: Introduce CAP_BLOCK_ADMIN
On Thu, May 11, 2023 at 03:05:18PM +0800, Tianjia Zhang wrote:
> Separated fine-grained capability CAP_BLOCK_ADMIN from CAP_SYS_ADMIN.
> For backward compatibility, the CAP_BLOCK_ADMIN capability is included
> within CAP_SYS_ADMIN.
Splitting out capabilities tends to massivel break userspace. Don't
do it.
> CAP_SYS_ADMIN is required in the PR protocol implementation of existing
> block devices in the Linux kernel, which has too many sensitive
> permissions, which may lead to risks such as container escape. The
> kernel needs to provide more fine-grained permission management like
> CAP_NET_ADMIN to avoid online products directly relying on root to run.
I'm pretty sure the PR API can be keyed off just permissions on the
block device node as nothing in it is fundamentally unsafe.
Please work on relaxing the permissions checks there.
Powered by blists - more mailing lists