From: Djalal Harouni <tixxdz@gmail.com>
To: "Theodore Ts'o" <tytso@mit.edu>, Djalal Harouni <tixxdz@gmail.com>, Daniel Micay <danielmicay@gmail.com>, Linus Torvalds <torvalds@linux-foundation.org>, Kees Cook <keescook@chromium.org>, Jessica Yu <jeyu@kernel.org>, LSM List <linux-security-module@vger.kernel.org>, Linux Kernel Mailing List <linux-kernel@vger.kernel.org>, "kernel-hardening@lists.openwall.com" <kernel-hardening@lists.openwall.com>
Subject: Re: [kernel-hardening] Re: [PATCH v5 next 5/5] net: modules: use request_module_cap() to load 'netdev-%s' modules
Date: Thu, 30 Nov 2017 15:51:28 +0100
Message-ID: <CAEiveUcqVpV0592caA2wGRcvf6aWGX4XSAx+PLrh53VbAK=rYw@mail.gmail.com>
In-Reply-To: <20171130141636.k3oqybwosdogzfgg@thunk.org>

On Thu, Nov 30, 2017 at 3:16 PM, Theodore Ts'o <tytso@mit.edu> wrote:
> On Thu, Nov 30, 2017 at 09:50:27AM +0100, Djalal Harouni wrote:
>> In embedded systems we can't maintain a SELinux policy, distro man
>> power hardly manage. We have abstracted seccomp etc, but the kernel
>> inherited the difficult multiplex things, plus all other paths that
>> trigger this.....
>
>> Yes, but it is hard to maintain a whitelist policy, the code is hardly
>> maintained...
>
> So this is the part that scares me to death about IOT, and why I tell
> everyone to ***never*** trust an IOT device on their home network, and
> ***never*** trust it with anything you don't mind splattered all over
> the front page of NY Times and RT / Sputnick news.

Yes. For your pleasure:

https://techcrunch.com/2017/04/25/brickerbot-is-a-vigilante-worm-that-destroys-insecure-iot-devices/
bricked millions of devices due to a stupid busybox remote port.

https://en.wikipedia.org/wiki/Mirai_(malware)
another million bots used to disturb Netflix, Twitter and others; I don't
know the details.

...

> You're saying that you want to use modules (as opposed to compile
> everything tightly down to just what you need for the embedded
> system); that the code is "hardly maintained". And yet we're supposed
> to consider it trustworthy?

I didn't say that.

> If that's the case, turning off implicit module loading sounds and
> thinking that this will somehow be a magic wand sounds.... crazy.

Product costs decide. Web developers, JavaScript, big data analysis,
electronic engineers all want to use Linux for an IoT prototype and sell it
in a few months; they will take any kernel+userspace, add their value on
top and sell. It would be nonsense to think that if a web developer wants
to sell a node.js app as an IoT device he has to compile a kernel and do
all the other stuff; they all re-use the same layer, the same config, for
everything. Requiring everyone to compile their own kernel does not make
much sense.

Default safe behaviour is what we should do.

Thanks!

> - Ted

-- 
tixxdz
Thread overview (266 messages; cross-posted copies to the LSM, LKML and kernel-hardening lists de-duplicated):

2017-11-27 17:18  [PATCH v5 next 0/5] Improve Module autoloading infrastructure  Djalal Harouni
  2017-11-27 17:18  [PATCH v5 next 1/5] modules:capabilities: add request_module_cap()  Djalal Harouni
    replies from Randy Dunlap, Djalal Harouni, Luis R. Rodriguez, Kees Cook, Michal Kubecek, Alan Cox, David Miller, Theodore Ts'o, Linus Torvalds, Serge E. Hallyn
  2017-11-27 17:18  [PATCH v5 next 2/5] modules:capabilities: add cap_kernel_module_request() permission check  Djalal Harouni
    2017-11-30  2:05  Luis R. Rodriguez
  2017-11-27 17:18  [PATCH v5 next 3/5] modules:capabilities: automatic module loading restriction  Djalal Harouni
    2017-11-30  1:23  Luis R. Rodriguez
    2017-11-30 12:22  Djalal Harouni
  2017-11-27 17:18  [PATCH v5 next 4/5] modules:capabilities: add a per-task modules auto-load mode  Djalal Harouni
  2017-11-27 17:18  [PATCH v5 next 5/5] net: modules: use request_module_cap() to load 'netdev-%s' modules  Djalal Harouni
    discussion from 2017-11-27 18:44 onwards with Linus Torvalds, Djalal Harouni, Kees Cook, Geo Kozey, Theodore Ts'o, Eric W. Biederman, Marcus Meissner, Daniel Micay
    2017-11-30  6:51  Daniel Micay
    2017-11-30  8:50  Djalal Harouni
    2017-11-30 14:16  Theodore Ts'o
    2017-11-30 14:51  Djalal Harouni  [this message]
    2017-12-01  6:39  Daniel Micay
  replies to the cover letter from Linus Torvalds, Djalal Harouni, David Miller, James Morris, Kees Cook (2017-11-27)