Message-ID: <20110326103539.GA4719@albatros>
Date:	Sat, 26 Mar 2011 13:35:39 +0300
From:	Vasiliy Kulikov <segoon@...nwall.com>
To:	David Miller <davem@...emloft.net>
Cc:	shemminger@...tta.com, serge.hallyn@...ntu.com,
	bhutchings@...arflare.com, eparis@...hat.com,
	eparis@...isplace.org, linux-kernel@...r.kernel.org,
	mjt@....msk.ru, arnd@...db.de, mirqus@...il.com,
	netdev@...r.kernel.org, kuznet@....inr.ac.ru, pekkas@...core.fi,
	jmorris@...ei.org, yoshfuji@...ux-ipv6.org, kaber@...sh.net,
	eric.dumazet@...il.com, therbert@...gle.com, xiaosuo@...il.com,
	jesse@...ira.com, kees.cook@...onical.com, eugene@...hat.com,
	dan.j.rosenberg@...il.com, akpm@...ux-foundation.org,
	greg@...ah.com, sds@...ho.nsa.gov,
	linux-security-module@...r.kernel.org, dwalsh@...hat.com,
	dhowells@...hat.com
Subject: Re: [PATCH v2] net: don't allow CAP_NET_ADMIN to load non-netdev kernel modules

On Thu, Mar 24, 2011 at 14:46 -0700, David Miller wrote:
> You can't say "userland will fix things up"
> 
> Because we're never supposed to break userland in the first place.

I admit that the patch breaks things.

But the thing is that kernel changes _are_ breaking userspace here and
there, not only by such obvious policy changes, but by indirect changes.
Note that the patch that changed CAP_SYS_MODULE to CAP_NET_ADMIN has
broken userspace behavior too - one could load modules with
CAP_SYS_MODULE without CAP_NET_ADMIN via "ifconfig wifi0", and after the
patch one could not.

Look at this patch:
http://patchwork.ozlabs.org/patch/42148/

It breaks userspace tools too - one might have run an LSM in learning mode
to create a profile for configuring netfilter, seen that it didn't need
any CAP_*, and totally denied them in the profile.  After many years (the
bug was fixed after 5+ years!) of good work, it was broken by the patch.
The same goes for plenty of patches that introduce different checks in
places where there were no permission checks at all or where those checks
were broken.

-- 
Vasiliy Kulikov
http://www.openwall.com - bringing security into open computing environments
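To make the three behaviours the message contrasts concrete, the following is a user-space model of the capability decision the kernel makes when a tool such as "ifconfig wifi0" names an interface that does not exist and the kernel tries to autoload a module for it. This is an added example, not code from the thread, from the patch under discussion, or from the kernel. The module table, the capability bit values, and the assumption that under the proposed netdev-only policy a process holding CAP_SYS_MODULE can still autoload any module name are all constructed for illustration.

```c
/* Added example (not from the mailing-list thread or the kernel):
 * a user-space model of which capability lets a process trigger module
 * autoload through an interface name, under three policies:
 *   POLICY_SYS_MODULE  - historical check: CAP_SYS_MODULE required
 *   POLICY_NET_ADMIN   - later change: CAP_NET_ADMIN required, any module
 *   POLICY_NETDEV_ONLY - proposed patch: CAP_NET_ADMIN only for netdev
 *                        modules (CAP_SYS_MODULE fallback is an assumption)
 */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed bit values; they are not the kernel's capability numbers. */
enum { CAP_NET_ADMIN = 1u << 0, CAP_SYS_MODULE = 1u << 1 };

enum policy { POLICY_SYS_MODULE, POLICY_NET_ADMIN, POLICY_NETDEV_ONLY };

struct module {
    const char *name;
    bool is_netdev; /* would the module register a network device? */
};

/* Constructed module table standing in for what modprobe would resolve. */
static const struct module modules[] = {
    { "wifi0", true  }, /* a network driver, the case from the message */
    { "ext4",  false }, /* a filesystem: not a netdev module */
};

static const struct module *lookup(const char *name)
{
    for (size_t i = 0; i < sizeof modules / sizeof modules[0]; i++)
        if (strcmp(modules[i].name, name) == 0)
            return &modules[i];
    return NULL;
}

/* Returns true if a process holding 'caps' may trigger autoload of the
 * module named 'name' under policy 'p'.  Unknown names never load. */
bool may_autoload(enum policy p, unsigned caps, const char *name)
{
    const struct module *m = lookup(name);
    if (!m)
        return false;

    switch (p) {
    case POLICY_SYS_MODULE:
        return (caps & CAP_SYS_MODULE) != 0;
    case POLICY_NET_ADMIN:
        /* CAP_SYS_MODULE alone no longer suffices: the breakage the
         * message points out.  Any module name is loadable. */
        return (caps & CAP_NET_ADMIN) != 0;
    case POLICY_NETDEV_ONLY:
        /* Assumption: CAP_SYS_MODULE may still load any module name. */
        if (caps & CAP_SYS_MODULE)
            return true;
        return (caps & CAP_NET_ADMIN) != 0 && m->is_netdev;
    }
    return false;
}

int main(void)
{
    static const char *const pol[] = { "SYS_MODULE", "NET_ADMIN", "NETDEV_ONLY" };
    static const unsigned capsets[] = { 0, CAP_NET_ADMIN, CAP_SYS_MODULE };
    static const char *const capname[] = { "none", "NET_ADMIN", "SYS_MODULE" };

    for (int p = 0; p < 3; p++)
        for (int c = 0; c < 3; c++)
            printf("policy=%-11s caps=%-10s wifi0=%d ext4=%d\n",
                   pol[p], capname[c],
                   may_autoload((enum policy)p, capsets[c], "wifi0"),
                   may_autoload((enum policy)p, capsets[c], "ext4"));
    return 0;
}
```

Running it prints a 3x3 matrix; the two rows worth reading side by side are CAP_SYS_MODULE under POLICY_NET_ADMIN (loses the ability it had under POLICY_SYS_MODULE, the regression the message cites) and CAP_NET_ADMIN under POLICY_NET_ADMIN versus POLICY_NETDEV_ONLY (loses "ext4" but keeps "wifi0", which is what the subject line proposes).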
