From: nicolas@belouin.fr
Cc: Jan Kara <jack@suse.com>, Theodore Ts'o <tytso@mit.edu>,
Andreas Dilger <adilger.kernel@dilger.ca>,
Jaegeuk Kim <jaegeuk@kernel.org>, Chao Yu <yuchao0@huawei.com>,
David Woodhouse <dwmw2@infradead.org>,
Dave Kleikamp <shaggy@kernel.org>,
Mark Fasheh <mfasheh@versity.com>,
Joel Becker <jlbec@evilplan.org>,
Miklos Szeredi <miklos@szeredi.hu>,
Phillip Lougher <phillip@squashfs.org.uk>,
Richard Weinberger <richard@nod.at>,
Artem Bityutskiy <dedekind1@gmail.com>,
Adrian Hunter <adrian.hunter@intel.com>,
Alexander Viro <viro@zeniv.linux.org.uk>,
Serge Hallyn <serge@hallyn.com>, Paul Moore <paul@paul-moore.com>,
Stephen Smalley <sds@tycho.nsa.gov>,
Eric Paris <eparis@parisplace.org>,
James.Morris@smtp6.infomaniak.ch
Subject: Re: [RFC PATCH 1/2] security, capabilities: create CAP_TRUSTED
Date: Sat, 21 Oct 2017 21:09:32 +0200 [thread overview]
Message-ID: <201710211909.v9LJ9Zg8033866__40171.4235581041$1508613150$gmane$org@smtp6.infomaniak.ch> (raw)
In-Reply-To: <20171021160302.GA2842@mail.hallyn.com>
<james.l.morris@oracle.com>,linux-ext4@vger.kernel.org,linux-kernel@vger.kernel.org,linux-f2fs-devel@lists.sourceforge.net,linux-fsdevel@vger.kernel.org,linux-mtd@lists.infradead.org,jfs-discussion@lists.sourceforge.net,ocfs2-devel@oss.oracle.com,linux-unionfs@vger.kernel.org,reiserfs-devel@vger.kernel.org,linux-security-module@vger.kernel.org,selinux@tycho.nsa.gov,linux-api@vger.kernel.org,kernel-hardening@lists.openwall.com
From: Nicolas Belouin <nicolas@belouin.fr>
Message-ID: <99179B10-4EAE-4FAB-9D14-B885156261B3@belouin.fr>
On October 21, 2017 6:03:02 PM GMT+02:00, "Serge E. Hallyn" <serge@hallyn.com> wrote:
>Quoting Nicolas Belouin (nicolas@belouin.fr):
>> with CAP_SYS_ADMIN being bloated, the usefulness of using it to
>> flag a process to be entrusted for e.g reading and writing trusted
>> xattr is near zero.
>> CAP_TRUSTED aims to provide userland with a way to mark a process as
>> entrusted to do specific (not specially admin-centered) actions. It
>> would for example allow a process to red/write the trusted xattrs.
>
>You say "for example". Are you intending to add more uses? If so,
>what
>are they? If not, how about renaming it CAP_TRUSTED_XATTR?
>
I don't see any other use for now, but I don't want it to be too narrow and non usable in a similar context in the future. So I believe the underlying purpose of marking a process as "trusted" (even if for now it only means rw permission on trusted xattr) is more meaningful.
>What all does allowing writes to trusted xattrs give you? There are
>the overlayfs whiteouts, what else?
Nicolas
next prev parent reply other threads:[~2017-10-21 19:12 UTC|newest]
Thread overview: 45+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-10-21 13:45 [RFC PATCH 1/2] security, capabilities: create CAP_TRUSTED Nicolas Belouin
2017-10-21 13:45 ` [kernel-hardening] " Nicolas Belouin
2017-10-21 13:45 ` Nicolas Belouin
2017-10-21 13:45 ` Nicolas Belouin
2017-10-21 13:45 ` [RFC PATCH 2/2] fs: Grant CAP_TRUSTED rw access to trusted xattrs Nicolas Belouin
2017-10-21 13:45 ` Nicolas Belouin
2017-10-21 13:45 ` [kernel-hardening] " Nicolas Belouin
2017-10-21 13:45 ` Nicolas Belouin
2017-10-21 13:45 ` Nicolas Belouin
2017-10-21 13:45 ` Nicolas Belouin
2017-10-21 16:03 ` [RFC PATCH 1/2] security, capabilities: create CAP_TRUSTED Serge E. Hallyn
2017-10-21 16:03 ` [kernel-hardening] " Serge E. Hallyn
2017-10-21 16:03 ` Serge E. Hallyn
2017-10-21 16:03 ` Serge E. Hallyn
2017-10-21 19:09 ` nicolas
2017-10-21 19:09 ` nicolas at belouin.fr
2017-10-21 19:09 ` nicolas
2017-10-21 19:09 ` nicolas [this message]
2017-10-21 19:09 ` nicolas
[not found] ` <20171021160302.GA2842-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2017-10-21 19:09 ` nicolas-6zwZCx3K5ONGWvitb5QawA
2017-10-21 19:09 ` nicolas
2017-10-21 17:25 ` [kernel-hardening] " Casey Schaufler
2017-10-21 17:25 ` Casey Schaufler
2017-10-21 17:25 ` Casey Schaufler
2017-10-21 17:25 ` [kernel-hardening] " Casey Schaufler
2017-10-21 17:25 ` Casey Schaufler
[not found] ` <20171021134558.21195-1-nicolas-6zwZCx3K5ONGWvitb5QawA@public.gmane.org>
2017-10-21 13:45 ` [RFC PATCH 2/2] fs: Grant CAP_TRUSTED rw access to trusted xattrs Nicolas Belouin
2017-10-21 17:25 ` [kernel-hardening] [RFC PATCH 1/2] security, capabilities: create CAP_TRUSTED Casey Schaufler
2017-10-21 17:25 ` Casey Schaufler
2017-10-21 17:25 ` Casey Schaufler
2017-10-21 17:25 ` Casey Schaufler
2017-10-21 17:25 ` Casey Schaufler
2017-10-21 17:25 ` Casey Schaufler
[not found] ` <d3e1c911-138d-082a-b941-651217d0faf8-iSGtlc1asvQWG2LlvL+J4A@public.gmane.org>
2017-10-21 19:04 ` nicolas-6zwZCx3K5ONGWvitb5QawA
2017-10-21 19:04 ` nicolas
2017-10-21 19:04 ` nicolas
2017-10-21 19:04 ` nicolas
2017-10-21 19:04 ` nicolas at belouin.fr
2017-10-21 19:04 ` nicolas
2017-10-21 19:04 ` nicolas
2017-10-21 19:04 ` nicolas
2017-10-21 17:25 ` Casey Schaufler
-- strict thread matches above, loose matches on Subject: below --
2017-10-21 13:45 Nicolas Belouin
2017-10-21 13:45 Nicolas Belouin
2017-10-21 13:45 Nicolas Belouin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='201710211909.v9LJ9Zg8033866__40171.4235581041$1508613150$gmane$org@smtp6.infomaniak.ch' \
--to=nicolas@belouin.fr \
--cc=James.Morris@smtp6.infomaniak.ch \
--cc=adilger.kernel@dilger.ca \
--cc=adrian.hunter@intel.com \
--cc=dedekind1@gmail.com \
--cc=dwmw2@infradead.org \
--cc=eparis@parisplace.org \
--cc=jack@suse.com \
--cc=jaegeuk@kernel.org \
--cc=jlbec@evilplan.org \
--cc=mfasheh@versity.com \
--cc=miklos@szeredi.hu \
--cc=paul@paul-moore.com \
--cc=phillip@squashfs.org.uk \
--cc=richard@nod.at \
--cc=sds@tycho.nsa.gov \
--cc=serge@hallyn.com \
--cc=shaggy@kernel.org \
--cc=tytso@mit.edu \
--cc=viro@zeniv.linux.org.uk \
--cc=yuchao0@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.