| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAJ2a_Dd_sz2LYEEJJhiJE=JP81V4AvET=jgSyRe73eF-YjeXhg@mail.gmail.com>
Date: Mon, 25 Nov 2024 12:48:27 +0100
From: Christian Göttsche <cgzones@...glemail.com>
To: Richard Weinberger <richard@....at>
Cc: LSM <linux-security-module@...r.kernel.org>,
Boris Brezillon <boris.brezillon@...labora.com>, Steven Price <steven.price@....com>,
Liviu Dudau <liviu.dudau@....com>, Maarten Lankhorst <maarten.lankhorst@...ux.intel.com>,
Maxime Ripard <mripard@...nel.org>, Thomas Zimmermann <tzimmermann@...e.de>,
David Airlie <airlied@...il.com>, Simona Vetter <simona@...ll.ch>,
chengzhihao1 <chengzhihao1@...wei.com>, "Serge E. Hallyn" <serge@...lyn.com>,
Julia Lawall <Julia.Lawall@...ia.fr>, Nicolas Palix <nicolas.palix@...g.fr>,
linux-kernel <linux-kernel@...r.kernel.org>,
DRI mailing list <dri-devel@...ts.freedesktop.org>, linux-mtd <linux-mtd@...ts.infradead.org>,
cocci <cocci@...ia.fr>
Subject: Re: [PATCH 06/11] ubifs: reorder capability check last
On Mon, 25 Nov 2024 at 12:31, Richard Weinberger <richard@....at> wrote:
>
> ----- Ursprüngliche Mail -----
> > Von: "Christian Göttsche" <cgoettsche@...tendoof.de>
> > capable() calls refer to enabled LSMs whether to permit or deny the
> > request. This is relevant in connection with SELinux, where a
> > capability check results in a policy decision and by default a denial
> > message on insufficient permission is issued.
> > It can lead to three undesired cases:
> > 1. A denial message is generated, even in case the operation was an
> > unprivileged one and thus the syscall succeeded, creating noise.
> > 2. To avoid the noise from 1. the policy writer adds a rule to ignore
> > those denial messages, hiding future syscalls, where the task
> > performs an actual privileged operation, leading to hidden limited
> > functionality of that task.
> > 3. To avoid the noise from 1. the policy writer adds a rule to permit
> > the task the requested capability, while it does not need it,
> > violating the principle of least privilege.
> >
> > Signed-off-by: Christian Göttsche <cgzones@...glemail.com>
> > ---
> > drivers/gpu/drm/panthor/panthor_drv.c | 2 +-
>
> This change is unrelated, please remove it.
Sorry, somehow these two changes got erroneously combined in a single patch.
I'll send a v2 with them split into separate ones.
>
> > fs/ubifs/budget.c | 5 +++--
> > 2 files changed, 4 insertions(+), 3 deletions(-)
>
> [...]
>
> > diff --git a/fs/ubifs/budget.c b/fs/ubifs/budget.c
> > index d76eb7b39f56..6137aeadec3f 100644
> > --- a/fs/ubifs/budget.c
> > +++ b/fs/ubifs/budget.c
> > @@ -256,8 +256,9 @@ long long ubifs_calc_available(const struct ubifs_info *c,
> > int min_idx_lebs)
> > */
> > static int can_use_rp(struct ubifs_info *c)
> > {
> > - if (uid_eq(current_fsuid(), c->rp_uid) || capable(CAP_SYS_RESOURCE) ||
> > - (!gid_eq(c->rp_gid, GLOBAL_ROOT_GID) && in_group_p(c->rp_gid)))
> > + if (uid_eq(current_fsuid(), c->rp_uid) ||
> > + (!gid_eq(c->rp_gid, GLOBAL_ROOT_GID) && in_group_p(c->rp_gid)) ||
> > + capable(CAP_SYS_RESOURCE))
> > return 1;
> > return 0;
> > }
>
> The UBIFS part looks ok:
>
> Acked-by: Richard Weinberger <richard@....at>
>
> Since I was not CC'ed to the whole series, I miss a lot of context.
The series consists of similar patches to other subsystems and a
coccinelle script addition.
See https://lore.kernel.org/linux-security-module/20241125104011.36552-11-cgoettsche@seltendoof.de/#t
> Will this series merged as a whole? By whom?
>
> Thanks,
> //richard
Powered by blists - more mailing lists