From: Markus Gutschke
Date: Fri, 6 Apr 2012 13:47:12 -0700
Subject: Re: [PATCH v17 01/15] Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs
To: Andrew Morton
Cc: Will Drewry, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, linux-arch@vger.kernel.org, linux-doc@vger.kernel.org, kernel-hardening@lists.openwall.com, netdev@vger.kernel.org, x86@kernel.org, arnd@arndb.de, davem@davemloft.net, hpa@zytor.com, mingo@redhat.com, oleg@redhat.com, peterz@infradead.org, rdunlap@xenotime.net, mcgrathr@chromium.org, tglx@linutronix.de, luto@mit.edu, eparis@redhat.com, serge.hallyn@canonical.com, djm@mindrot.org, scarybeasts@gmail.com, indan@nul.nu, pmoore@redhat.com, corbet@lwn.net, eric.dumazet@gmail.com, coreyb@linux.vnet.ibm.com, keescook@chromium.org, jmorris@namei.org, Andy Lutomirski
In-Reply-To: <20120406124921.5754e941.akpm@linux-foundation.org>
References: <1333051320-30872-1-git-send-email-wad@chromium.org> <1333051320-30872-2-git-send-email-wad@chromium.org> <20120406124921.5754e941.akpm@linux-foundation.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, Apr 6, 2012 at 12:49, Andrew Morton wrote:
> On Thu, 29 Mar 2012 15:01:46 -0500
> Will Drewry wrote:
>> From: Andy Lutomirski
>> With this set, a lot of dangerous operations (chroot, unshare, etc)
>> become a lot less dangerous because there is no possibility of
>> subverting privileged binaries.

I don't want to derail things. So, tell me to go away, if I can't have
what I want.

Having said that, it would be great if NO_NEW_PRIVS also gave access to
the restricted clone() flags. Such as CLONE_NEWIPC, CLONE_NEWNET and
CLONE_NEWPID.

Markus
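
The flag this thread discusses, exercised from userspace as an added example (not part of the original message or of the patch series): it sets PR_SET_NO_NEW_PRIVS in a throwaway child, reads it back, confirms it cannot be cleared, and confirms a forked child inherits it. The function names and result bits are this example's own; it assumes a Linux kernel that includes the prctl.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/wait.h>
#include <unistd.h>

#ifndef PR_SET_NO_NEW_PRIVS   /* older headers; values from linux/prctl.h */
#define PR_SET_NO_NEW_PRIVS 38
#define PR_GET_NO_NEW_PRIVS 39
#endif

/* Result bits (names are this example's own, not kernel API). */
enum { NNP_SET_OK = 1, NNP_ONE_WAY = 2, NNP_INHERITED = 4 };

/* Sets the flag in the calling process and probes its behaviour. */
static int probe_in_child(void)
{
    int r = 0, st;
    if (prctl(PR_SET_NO_NEW_PRIVS, 1UL, 0UL, 0UL, 0UL) != 0)
        return 0;                       /* kernel without the prctl */
    if (prctl(PR_GET_NO_NEW_PRIVS, 0UL, 0UL, 0UL, 0UL) == 1)
        r |= NNP_SET_OK;
    /* Any arg2 other than 1 is rejected, so the flag cannot be cleared. */
    errno = 0;
    if (prctl(PR_SET_NO_NEW_PRIVS, 0UL, 0UL, 0UL, 0UL) == -1 && errno == EINVAL)
        r |= NNP_ONE_WAY;
    pid_t g = fork();                   /* the flag is inherited across fork */
    if (g == 0)
        _exit(prctl(PR_GET_NO_NEW_PRIVS, 0UL, 0UL, 0UL, 0UL) == 1 ? 0 : 1);
    if (g > 0 && waitpid(g, &st, 0) == g && WIFEXITED(st) && !WEXITSTATUS(st))
        r |= NNP_INHERITED;
    return r;
}

/* Runs the probe in a throwaway child so the caller's own flag is untouched. */
int nnp_probe(void)
{
    int st;
    pid_t c = fork();
    if (c < 0) return -1;
    if (c == 0) _exit(probe_in_child());
    if (waitpid(c, &st, 0) != c || !WIFEXITED(st)) return -1;
    return WEXITSTATUS(st);
}

int main(void)
{
    int r = nnp_probe();
    printf("set=%d one_way=%d inherited=%d\n",
           !!(r & NNP_SET_OK), !!(r & NNP_ONE_WAY), !!(r & NNP_INHERITED));
    return r == (NNP_SET_OK | NNP_ONE_WAY | NNP_INHERITED) ? 0 : 1;
}
```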