Date: Fri, 4 Oct 2013 10:05:38 +0100
From: Djalal Harouni
To: Ingo Molnar
Cc: Kees Cook, Andy Lutomirski, "Eric W. Biederman", Al Viro, Andrew Morton, Linus Torvalds, "Serge E. Hallyn", Cyrill Gorcunov, David Rientjes, LKML, Linux FS Devel, "kernel-hardening@lists.openwall.com", Djalal Harouni
Subject: Re: [PATCH v2 0/9] procfs: protect /proc//* files with file->f_cred
Message-ID: <20131004090538.GB2157@dztty>
References: <1380659178-28605-1-git-send-email-tixxdz@opendz.org> <524B7999.60806@amacapital.net> <20131002143759.GA2966@dztty> <20131002182206.GB2485@dztty> <20131002184844.GB3393@dztty> <20131003061244.GC25345@gmail.com>
In-Reply-To: <20131003061244.GC25345@gmail.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, Oct 03, 2013 at 08:12:44AM +0200, Ingo Molnar wrote:
> So please first get consensus on this fundamental design question before
> spreading your solution to more areas.
Check file_ns_capable() added in commit 935d8aabd4331 by Linus
  Add file_ns_capable() helper function for open-time capability checking

commit 6708075f104c3c9b0 by Eric,
  userns: Don't let unprivileged users trick privileged users into setting
  the id_map

So they add file_ns_capable() to inspect file->f_cred during ->write()

The difference between the function I've added proc_allow_access() and
file_ns_capable() is that proc_allow_access() will check if it's
absolutely the same user, otherwise fallback to security_capable() which
is the heart of file_ns_capable()

So it's already been done and proposed! this is an easy solution to
detect if current's cred have changed.

> Thanks,
>
> Ingo

--
Djalal Harouni
http://opendz.org
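
Added example, not part of the mail or of the patch series: a userspace C model of the two checks the message compares, showing why a check against file->f_cred refuses a descriptor that a check against the current caller would accept. The struct layouts, the `model_*` names, the single `has_cap` flag and the choice to compare the opener with the target's uid/euid/suid are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Userspace model: simplified stand-ins for the kernel types (assumed). */
struct cred { unsigned uid, euid, suid; bool has_cap; };
struct file { const struct cred *f_cred; };  /* opener's cred, pinned at open() */

/* Stand-in for security_capable(): does this cred hold the capability? */
static bool model_capable(const struct cred *c) { return c->has_cap; }

/* Use-time check: judges whoever is calling read()/write() right now. */
static bool model_current_capable(const struct cred *current_cred)
{
    return model_capable(current_cred);
}

/* file_ns_capable()-style check: judges the opener via file->f_cred. */
static bool model_file_capable(const struct file *f)
{
    return model_capable(f->f_cred);
}

/* proc_allow_access()-style check as the mail describes it: exactly the
 * same user is allowed, anything else falls back to the capability check.
 * Comparing the opener with the target's uid/euid/suid is an assumption. */
static bool model_proc_allow_access(const struct file *f, const struct cred *target)
{
    const struct cred *o = f->f_cred;

    if (o->uid == target->uid && o->uid == target->euid && o->uid == target->suid)
        return true;
    return model_capable(o);
}

int main(void)
{
    /* Constructed sample: uid 1000 opened the file; a root task later uses it. */
    struct cred user = { 1000, 1000, 1000, false };
    struct cred root = { 0, 0, 0, true };
    struct file f = { &user };

    printf("current-based check:   %d\n", model_current_capable(&root));
    printf("f_cred-based check:    %d\n", model_file_capable(&f));
    printf("same-user target:      %d\n", model_proc_allow_access(&f, &user));
    printf("changed-cred target:   %d\n", model_proc_allow_access(&f, &root));
    return 0;
}
```
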