lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 08 Aug 2022 14:43:41 -0500 From: "Eric W. Biederman" <ebiederm@...ssion.com> To: Paul Moore <paul@...l-moore.com> Cc: Frederick Lawler <fred@...udflare.com>, kpsingh@...nel.org, revest@...omium.org, jackmanb@...omium.org, ast@...nel.org, daniel@...earbox.net, andrii@...nel.org, kafai@...com, songliubraving@...com, yhs@...com, john.fastabend@...il.com, jmorris@...ei.org, serge@...lyn.com, stephen.smalley.work@...il.com, eparis@...isplace.org, shuah@...nel.org, brauner@...nel.org, casey@...aufler-ca.com, bpf@...r.kernel.org, linux-security-module@...r.kernel.org, selinux@...r.kernel.org, linux-kselftest@...r.kernel.org, linux-kernel@...r.kernel.org, netdev@...r.kernel.org, kernel-team@...udflare.com, cgzones@...glemail.com, karl@...badwolfsecurity.com Subject: Re: [PATCH v4 0/4] Introduce security_create_user_ns() "Eric W. Biederman" <ebiederm@...ssion.com> writes: > Paul Moore <paul@...l-moore.com> writes: > >>> I did provide constructive feedback. My feedback to his problem >>> was to address the real problem of bugs in the kernel. >> >> We've heard from several people who have use cases which require >> adding LSM-level access controls and observability to user namespace >> creation. This is the problem we are trying to solve here; if you do >> not like the approach proposed in this patchset please suggest another >> implementation that allows LSMs visibility into user namespace >> creation. > > Please stop, ignoring my feedback, not detailing what problem or > problems you are actually trying to be solved, and threatening to merge > code into files that I maintain that has the express purpose of breaking > my users. > > You just artificially constrained the problems, so that no other > solution is acceptable. On that basis alone I am object to this whole > approach to steam roll over me and my code. If you want an example of what kind of harm it can cause to introduce a failure where no failure was before I invite you to look at what happened with sendmail when setuid was modified to fail, when changing the user of a process would cause RLIMIT_NPROC to be exceeded. I am not arguing that what you are proposing is that bad but unexpected failures cause real problems, and at a minimum that needs a better response than: "There is at least one user that wants a failure here". Frankly I would love to see an argument that semantically it ever makes sense for creating a user namespace to fail. If that argument has already been made, my apologies to the person who made as I missed it, in being sick and tired, and frustrated at being blown off, when I asked for a proper discuss of the problem at hand. Eric
Powered by blists - more mailing lists