All of lore.kernel.org
 help / color / mirror / Atom feed
From: Klaus Ethgen <Klaus+lkml@ethgen.de>
To: Austin S Hemmelgarn <ahferroin7@gmail.com>
Cc: "Serge E. Hallyn" <serge@hallyn.com>,
	"Theodore Ts'o" <tytso@mit.edu>,
	Andy Lutomirski <luto@amacapital.net>,
	Linus Torvalds <torvalds@linux-foundation.org>,
	Richard Weinberger <richard.weinberger@gmail.com>,
	LKML <linux-kernel@vger.kernel.org>,
	Christoph Lameter <cl@linux.com>,
	Andy Lutomirski <luto@kernel.org>,
	Serge Hallyn <serge.hallyn@ubuntu.com>,
	Kees Cook <keescook@chromium.org>,
	Andrew Morton <akpm@linux-foundation.org>
Subject: Re: [KERNEL] Re: Kernel 4.3 breaks security in systems using capabilities
Date: Mon, 9 Nov 2015 18:23:43 +0100	[thread overview]
Message-ID: <20151109172340.GF3714@ikki.ethgen.ch> (raw)
In-Reply-To: <5640C999.5050807@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Am Mo den  9. Nov 2015 um 17:28 schrieb Austin S Hemmelgarn:
> >Having some scripts in the process is definitively a nightmare to
> >control. That should be prevented wherever possible. And usually it is
> >as the scripts might be used for computing some values that are used
> >later in privileged stuff.
> It's still unavoidable in a number of cases.  It's easy to re-write scripts
> to fit any local configuration.  It's not anywhere near as easy to re-write
> a compiled program to account for any local configuration.

I would not only say that it is avoidable, it is the worst that can
happen.

Usually a shell is calling a binary to do the real work. So it should
even never ever needed to have some raised privileges for the shell.

> >Good example are all that userspace python tools that throw all that
> >stack traces around the users ears (I don't know if that saying exists
> >in English...) instead of giving proper error messages.
> This is debatable.  While the app should be giving a user friendly error
> message, getting a stack-trace and the exception name (and the exceptions
> are usually sanely named) is still far better than just getting something
> like 'Segmentation Fault', or just returning the error in the return code.
> There is no added security from not providing the stack-trace because there
> is no data leaked by it (it contains no information about the contents of
> variables, and function names and included libraries can easily be seen by
> just looking at the python program itself).

My pointing to that python problem is not about security then about how
lazy some developer are. And lazyness and security is nothing that can
go together.

> >By the way, guys, can we start to _not_ add every one in this discussion
> >to the Cc? Currently I get every mail twice. One from the list and one
> >from Cc. I still leave all Ccs intact with this mail but I would prefer
> >to just reply to the list. If anybody is not reading the list and would
> >like to get the mail, please insist.
> If you're getting duplicates with the same Message-ID header, then your
> mail-server is (arguably) broken.

I do not know any mailserver that cares about message-ids. Even more,
which one is the original one if they differ in body? (as they do for
example in this list.)

It it even more broken as some (surely broken) MUAs reuse message ids.

> It should be delivering exactly one copy of a message with a given
> Message-ID: header (this is really a de-facto standard,

I wouldn't say so.

> GMail, Yahoo, and most other mail-providers do this, as does
> Exchange.

I would say, they are broken as they suppress users data.

> Postfix does not, but it's pretty easy to work around with some
> filtering and procmail).

Well, pestfix dos it right here. A MTA has to transport the mails and
never ever suppress some.

But lets keep that stuff offlist, it is OT. I will go ahead with group
reply.

Regards
   Klaus
- -- 
Klaus Ethgen                              http://www.ethgen.ch/
pub  4096R/4E20AF1C 2011-05-16   Klaus Ethgen <Klaus@Ethgen.ch>
Fingerprint: 85D4 CA42 952C 949B 1753  62B3 79D0 B06F 4E20 AF1C
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQGcBAEBCgAGBQJWQNaJAAoJEKZ8CrGAGfasC9UL/3ipt684NO2m5P6YLjrLGqPY
9TnEJz4ks0uKJsOPMXX7v54eUG6Jv0o1uj28aI/pcFxszBRALLpar2TAuAz6dWID
0hhB2kt/3TaEV00aOP5fzl/BzjwozxYiavYri10B4xqbLOtJEpKgCWNhLpMdEqGO
ksgSx/Qqo+lB49uTjueC63Z3dU4T1CL6+iUbPx6MeLURGI1rYn4yye6n33AlceEL
/y5jEfscxl9htAtC6O9DJHGp6EgN1Yc7rXdSIYVNqXt3GKTAnfmeVlnt8EO+kOmg
zA2fzIXMvt2ZIOWF6TCCSE9tghuFY6S2gnVpmwR0m02JqD+vTarlbzldeDbsI+bg
avcEAdmGBfMf1WibAHAazt/GUVMKaMw5rPhj7nXrv5rx+x6NvjNoY1aBb8yEbGjR
nvNOcHp6tbMJuBHBWBwtcV1HJafvNm8GzhAVYwQf0efJY4x46E2xDfgaS4hgXvEN
yhtGkX5OEVaEvixB2Lkt37UUF8Ix3kqMweW7+sp5vw==
=nlsD
-----END PGP SIGNATURE-----

  reply	other threads:[~2015-11-09 17:23 UTC|newest]

Thread overview: 41+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-11-02 18:06 Kernel 4.3 breaks security in systems using capabilities Klaus Ethgen
2015-11-02 18:38 ` Richard Weinberger
2015-11-02 18:50   ` Andy Lutomirski
2015-11-02 19:16     ` [KERNEL] " Klaus Ethgen
2015-11-02 19:45       ` Andy Lutomirski
2015-11-05 10:19         ` [KERNEL] " Klaus Ethgen
2015-11-05 16:15           ` Serge E. Hallyn
2015-11-05 17:17             ` [KERNEL] " Klaus Ethgen
2015-11-05 17:34               ` Serge E. Hallyn
2015-11-05 17:48                 ` [KERNEL] " Klaus Ethgen
2015-11-05 19:01                   ` Andy Lutomirski
2015-11-05 22:08                     ` Serge E. Hallyn
2015-11-06 13:58                       ` [KERNEL] " Klaus Ethgen
2015-11-06 15:53                         ` Theodore Ts'o
2015-11-06 17:15                           ` Andy Lutomirski
2015-11-06 17:51                           ` Casey Schaufler
2015-11-06 18:05                             ` Serge E. Hallyn
2015-11-06 17:56                           ` [KERNEL] " Klaus Ethgen
2015-11-06 18:18                             ` Serge E. Hallyn
2015-11-07 11:02                               ` [KERNEL] " Klaus Ethgen
2015-11-08 17:05                                 ` Serge E. Hallyn
2015-11-09 16:28                                 ` Austin S Hemmelgarn
2015-11-09 17:23                                   ` Klaus Ethgen [this message]
2015-11-09 19:02                                     ` [KERNEL] " Austin S Hemmelgarn
2015-11-09 21:29                                       ` [KERNEL] " Klaus Ethgen
2015-11-10  0:06                                         ` Andy Lutomirski
2015-11-10 11:55                                           ` [KERNEL] " Klaus Ethgen
2015-11-10 12:40                                             ` Theodore Ts'o
2015-11-10 13:19                                               ` [KERNEL] [PATCH] " Klaus Ethgen
2015-11-10 13:35                                                 ` Austin S Hemmelgarn
2015-11-10 17:58                                                   ` [KERNEL] " Klaus Ethgen
2015-11-10 20:39                                                     ` Austin S Hemmelgarn
2015-11-10 13:41                                                 ` Klaus Ethgen
2015-11-11  2:04                                                 ` Theodore Ts'o
2015-11-11 10:14                                                   ` [KERNEL] " Klaus Ethgen
2015-11-11 10:54                                                     ` Theodore Ts'o
2015-11-11 11:13                                                       ` [KERNEL] " Klaus Ethgen
2015-11-10 15:25                                               ` [KERNEL] Re: [KERNEL] Re: [KERNEL] " Christoph Lameter
2015-11-05 16:19           ` Andy Lutomirski
2015-11-05 17:22             ` [KERNEL] " Klaus Ethgen
2015-11-02 18:52   ` Linus Torvalds

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20151109172340.GF3714@ikki.ethgen.ch \
    --to=klaus+lkml@ethgen.de \
    --cc=ahferroin7@gmail.com \
    --cc=akpm@linux-foundation.org \
    --cc=cl@linux.com \
    --cc=keescook@chromium.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=luto@amacapital.net \
    --cc=luto@kernel.org \
    --cc=richard.weinberger@gmail.com \
    --cc=serge.hallyn@ubuntu.com \
    --cc=serge@hallyn.com \
    --cc=torvalds@linux-foundation.org \
    --cc=tytso@mit.edu \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.