lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 25 Apr 2014 19:37:02 +0900 From: Lorenzo Colitti <lorenzo@...gle.com> To: Ben Hutchings <ben@...adent.org.uk>, Florian Westphal <fw@...len.de>, netdev <netdev@...r.kernel.org>, Vasiliy Kulikov <segoon@...nwall.com>, Lorenzo Colitti <lorenzo@...gle.com> Subject: Re: [RFC][PATCH] IP: Make ping sockets optional On Fri, Apr 25, 2014 at 1:37 AM, Hannes Frederic Sowa <hannes@...essinduktion.org> wrote: > The origins of this interface are in the openwall project. I assume > embedded devices were not that high up on their agenda. One of the original discussion threads I posted above has a link to a lengthy discussion on why the original designers of this code thought capabilities were not a good idea from a security standpoint. > We absolutely cannot abandon the interface as it already is in use by > android, as Lorenzo stated. Well, the fact that it's in use by Android doesn't mean it can't be made optional - Android can just turn the feature on in their kernels. It would be unfortunate if it were to be removed entirely. > Will android switch to file based capabilities > in some time? Is that possible? I think Android does support file capabilities. But this socket type is not just for the ping binary. The fact that this socket type is available to any binary allows any application developer to write an app that can send ping packets. That seems like a useful capability for a diagnostic app. On the other hand, it seems to me that giving that same diagnostic app CAP_NET_RAW would be unacceptable from a security point of view since that app would now be able to sniff all traffic on the system, with obvious privacy implications. There are also the usual security concerns such as what if an exploit is discovered in the ping binary, etc. etc. What's the problem with this code? Is it just the 10KB in size? -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists