From: Djalal Harouni <tixxdz@gmail.com>
To: "Theodore Ts'o" <tytso@mit.edu>,
Djalal Harouni <tixxdz@gmail.com>,
Daniel Micay <danielmicay@gmail.com>,
Linus Torvalds <torvalds@linux-foundation.org>,
Kees Cook <keescook@chromium.org>, Jessica Yu <jeyu@kernel.org>,
LSM List <linux-security-module@vger.kernel.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
"kernel-hardening@lists.openwall.com"
<kernel-hardening@lists.openwall.com>
Subject: Re: [kernel-hardening] Re: [PATCH v5 next 5/5] net: modules: use request_module_cap() to load 'netdev-%s' modules
Date: Thu, 30 Nov 2017 15:51:28 +0100 [thread overview]
Message-ID: <CAEiveUcqVpV0592caA2wGRcvf6aWGX4XSAx+PLrh53VbAK=rYw@mail.gmail.com> (raw)
In-Reply-To: <20171130141636.k3oqybwosdogzfgg@thunk.org>
On Thu, Nov 30, 2017 at 3:16 PM, Theodore Ts'o <tytso@mit.edu> wrote:
> On Thu, Nov 30, 2017 at 09:50:27AM +0100, Djalal Harouni wrote:
>> In embedded systems we can't maintain a SELinux policy, distro man
>> power hardly manage. We have abstracted seccomp etc, but the kernel
>> inherited the difficult multiplex things, plus all other paths that
>> trigger this.....
>
>> Yes, but it is hard to maintain a whitelist policy, the code is hardly
>> maintained...
>
> So this is the part that scares me to death about IOT, and why I tell
> everyone to ***never*** trust an IOT device on their home network, and
> ***never*** trust it with anything you don't mind splattered all over
> the front page of NY Times and RT / Sputnick news.
Yes.
For your pleasure:
https://techcrunch.com/2017/04/25/brickerbot-is-a-vigilante-worm-that-destroys-insecure-iot-devices/
bricked million of devices to stupid busybox remote port.
https://en.wikipedia.org/wiki/Mirai_(malware) an other million bots
used to disturb netflix, twitter and others I don't know the details.
...
> You're saying that you want to use modules (as opposed to compile
> everything tightly down to just what you need for the embedded
> system); that the code is "hardly maintained". And yet we're supposed
> to consider it trustworthy?
I didn't say that.
> If that's the case, turning off implicit module loading sounds and
> thinking that this will somehow be a magic wand sounds.... crazy.
The product costs decide, web developers, javascript, big data
analysis, electronic engineers all want to use Linux for IoT prototype
and sell in some months, they will get any kernel+userspace add their
value on top and sell. It will be non-sense to think that if a web
developer wants to sell a node.js app as an IoT he has to compile a
kernel and do all the other stuff, they all re-use the same layer the
same config for everything. Requiring for everyone to compile its own
kernel does not make much sense. Default safe behaviour is what we
should do.
Thanks!
> - Ted
--
tixxdz
WARNING: multiple messages have this Message-ID (diff)
From: tixxdz@gmail.com (Djalal Harouni)
To: linux-security-module@vger.kernel.org
Subject: [kernel-hardening] Re: [PATCH v5 next 5/5] net: modules: use request_module_cap() to load 'netdev-%s' modules
Date: Thu, 30 Nov 2017 15:51:28 +0100 [thread overview]
Message-ID: <CAEiveUcqVpV0592caA2wGRcvf6aWGX4XSAx+PLrh53VbAK=rYw@mail.gmail.com> (raw)
In-Reply-To: <20171130141636.k3oqybwosdogzfgg@thunk.org>
On Thu, Nov 30, 2017 at 3:16 PM, Theodore Ts'o <tytso@mit.edu> wrote:
> On Thu, Nov 30, 2017 at 09:50:27AM +0100, Djalal Harouni wrote:
>> In embedded systems we can't maintain a SELinux policy, distro man
>> power hardly manage. We have abstracted seccomp etc, but the kernel
>> inherited the difficult multiplex things, plus all other paths that
>> trigger this.....
>
>> Yes, but it is hard to maintain a whitelist policy, the code is hardly
>> maintained...
>
> So this is the part that scares me to death about IOT, and why I tell
> everyone to ***never*** trust an IOT device on their home network, and
> ***never*** trust it with anything you don't mind splattered all over
> the front page of NY Times and RT / Sputnick news.
Yes.
For your pleasure:
https://techcrunch.com/2017/04/25/brickerbot-is-a-vigilante-worm-that-destroys-insecure-iot-devices/
bricked million of devices to stupid busybox remote port.
https://en.wikipedia.org/wiki/Mirai_(malware) an other million bots
used to disturb netflix, twitter and others I don't know the details.
...
> You're saying that you want to use modules (as opposed to compile
> everything tightly down to just what you need for the embedded
> system); that the code is "hardly maintained". And yet we're supposed
> to consider it trustworthy?
I didn't say that.
> If that's the case, turning off implicit module loading sounds and
> thinking that this will somehow be a magic wand sounds.... crazy.
The product costs decide, web developers, javascript, big data
analysis, electronic engineers all want to use Linux for IoT prototype
and sell in some months, they will get any kernel+userspace add their
value on top and sell. It will be non-sense to think that if a web
developer wants to sell a node.js app as an IoT he has to compile a
kernel and do all the other stuff, they all re-use the same layer the
same config for everything. Requiring for everyone to compile its own
kernel does not make much sense. Default safe behaviour is what we
should do.
Thanks!
> - Ted
--
tixxdz
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2017-11-30 14:51 UTC|newest]
Thread overview: 266+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-11-27 17:18 [PATCH v5 next 0/5] Improve Module autoloading infrastructure Djalal Harouni
2017-11-27 17:18 ` [kernel-hardening] " Djalal Harouni
2017-11-27 17:18 ` Djalal Harouni
2017-11-27 17:18 ` [PATCH v5 next 1/5] modules:capabilities: add request_module_cap() Djalal Harouni
2017-11-27 17:18 ` [kernel-hardening] " Djalal Harouni
2017-11-27 17:18 ` Djalal Harouni
2017-11-27 18:48 ` Randy Dunlap
2017-11-27 18:48 ` [kernel-hardening] " Randy Dunlap
2017-11-27 18:48 ` Randy Dunlap
2017-11-27 21:35 ` Djalal Harouni
2017-11-27 21:35 ` [kernel-hardening] " Djalal Harouni
2017-11-27 21:35 ` Djalal Harouni
2017-11-28 19:14 ` Luis R. Rodriguez
2017-11-28 19:14 ` [kernel-hardening] " Luis R. Rodriguez
2017-11-28 19:14 ` Luis R. Rodriguez
2017-11-28 20:11 ` Kees Cook
2017-11-28 20:11 ` [kernel-hardening] " Kees Cook
2017-11-28 20:11 ` Kees Cook
2017-11-28 21:16 ` Luis R. Rodriguez
2017-11-28 21:16 ` [kernel-hardening] " Luis R. Rodriguez
2017-11-28 21:16 ` Luis R. Rodriguez
2017-11-28 21:33 ` Djalal Harouni
2017-11-28 21:33 ` [kernel-hardening] " Djalal Harouni
2017-11-28 21:33 ` Djalal Harouni
2017-11-28 22:18 ` Luis R. Rodriguez
2017-11-28 22:18 ` [kernel-hardening] " Luis R. Rodriguez
2017-11-28 22:18 ` Luis R. Rodriguez
2017-11-28 22:52 ` Djalal Harouni
2017-11-28 22:52 ` [kernel-hardening] " Djalal Harouni
2017-11-28 22:52 ` Djalal Harouni
2017-11-28 21:39 ` Kees Cook
2017-11-28 21:39 ` [kernel-hardening] " Kees Cook
2017-11-28 21:39 ` Kees Cook
2017-11-28 22:12 ` Luis R. Rodriguez
2017-11-28 22:12 ` [kernel-hardening] " Luis R. Rodriguez
2017-11-28 22:12 ` Luis R. Rodriguez
2017-11-28 22:18 ` Kees Cook
2017-11-28 22:18 ` [kernel-hardening] " Kees Cook
2017-11-28 22:18 ` Kees Cook
2017-11-28 22:48 ` Luis R. Rodriguez
2017-11-28 22:48 ` [kernel-hardening] " Luis R. Rodriguez
2017-11-28 22:48 ` Luis R. Rodriguez
2017-11-29 7:49 ` Michal Kubecek
2017-11-29 7:49 ` [kernel-hardening] " Michal Kubecek
2017-11-29 7:49 ` Michal Kubecek
2017-11-29 13:46 ` Alan Cox
2017-11-29 13:46 ` [kernel-hardening] " Alan Cox
2017-11-29 13:46 ` Alan Cox
2017-11-29 14:50 ` David Miller
2017-11-29 14:50 ` [kernel-hardening] " David Miller
2017-11-29 14:50 ` David Miller
2017-11-29 15:54 ` Theodore Ts'o
2017-11-29 15:54 ` [kernel-hardening] " Theodore Ts'o
2017-11-29 15:54 ` Theodore Ts'o
2017-11-29 15:58 ` David Miller
2017-11-29 15:58 ` [kernel-hardening] " David Miller
2017-11-29 15:58 ` David Miller
2017-11-29 16:29 ` Theodore Ts'o
2017-11-29 16:29 ` [kernel-hardening] " Theodore Ts'o
2017-11-29 16:29 ` Theodore Ts'o
2017-11-29 22:45 ` Linus Torvalds
2017-11-29 22:45 ` [kernel-hardening] " Linus Torvalds
2017-11-29 22:45 ` Linus Torvalds
2017-11-29 22:45 ` Linus Torvalds
2017-11-30 0:06 ` Kees Cook
2017-11-30 0:06 ` [kernel-hardening] " Kees Cook
2017-11-30 0:06 ` Kees Cook
2017-11-30 0:06 ` Kees Cook
2017-11-29 17:28 ` Serge E. Hallyn
2017-11-29 17:28 ` [kernel-hardening] " Serge E. Hallyn
2017-11-29 17:28 ` Serge E. Hallyn
2017-11-30 0:35 ` Theodore Ts'o
2017-11-30 0:35 ` [kernel-hardening] " Theodore Ts'o
2017-11-30 0:35 ` Theodore Ts'o
2017-11-30 17:17 ` Serge E. Hallyn
2017-11-30 17:17 ` [kernel-hardening] " Serge E. Hallyn
2017-11-30 17:17 ` Serge E. Hallyn
2017-11-28 20:18 ` Djalal Harouni
2017-11-28 20:18 ` [kernel-hardening] " Djalal Harouni
2017-11-28 20:18 ` Djalal Harouni
2017-11-27 17:18 ` [PATCH v5 next 2/5] modules:capabilities: add cap_kernel_module_request() permission check Djalal Harouni
2017-11-27 17:18 ` [kernel-hardening] " Djalal Harouni
2017-11-27 17:18 ` Djalal Harouni
2017-11-30 2:05 ` Luis R. Rodriguez
2017-11-30 2:05 ` [kernel-hardening] " Luis R. Rodriguez
2017-11-30 2:05 ` Luis R. Rodriguez
2017-11-27 17:18 ` [PATCH v5 next 3/5] modules:capabilities: automatic module loading restriction Djalal Harouni
2017-11-27 17:18 ` [kernel-hardening] " Djalal Harouni
2017-11-27 17:18 ` Djalal Harouni
2017-11-30 1:23 ` Luis R. Rodriguez
2017-11-30 1:23 ` [kernel-hardening] " Luis R. Rodriguez
2017-11-30 1:23 ` Luis R. Rodriguez
2017-11-30 12:22 ` Djalal Harouni
2017-11-30 12:22 ` [kernel-hardening] " Djalal Harouni
2017-11-30 12:22 ` Djalal Harouni
2017-11-27 17:18 ` [PATCH v5 next 4/5] modules:capabilities: add a per-task modules auto-load mode Djalal Harouni
2017-11-27 17:18 ` [kernel-hardening] " Djalal Harouni
2017-11-27 17:18 ` Djalal Harouni
2017-11-27 17:18 ` [PATCH v5 next 5/5] net: modules: use request_module_cap() to load 'netdev-%s' modules Djalal Harouni
2017-11-27 17:18 ` [kernel-hardening] " Djalal Harouni
2017-11-27 17:18 ` Djalal Harouni
2017-11-27 18:44 ` Linus Torvalds
2017-11-27 18:44 ` [kernel-hardening] " Linus Torvalds
2017-11-27 18:44 ` Linus Torvalds
2017-11-27 18:44 ` Linus Torvalds
2017-11-27 21:41 ` Djalal Harouni
2017-11-27 21:41 ` [kernel-hardening] " Djalal Harouni
2017-11-27 21:41 ` Djalal Harouni
2017-11-27 21:41 ` Djalal Harouni
2017-11-27 22:04 ` Linus Torvalds
2017-11-27 22:04 ` [kernel-hardening] " Linus Torvalds
2017-11-27 22:04 ` Linus Torvalds
2017-11-27 22:04 ` Linus Torvalds
2017-11-27 22:59 ` Kees Cook
2017-11-27 22:59 ` [kernel-hardening] " Kees Cook
2017-11-27 22:59 ` Kees Cook
2017-11-27 22:59 ` Kees Cook
2017-11-27 23:14 ` Linus Torvalds
2017-11-27 23:14 ` [kernel-hardening] " Linus Torvalds
2017-11-27 23:14 ` Linus Torvalds
2017-11-27 23:14 ` Linus Torvalds
2017-11-27 23:19 ` Kees Cook
2017-11-27 23:19 ` [kernel-hardening] " Kees Cook
2017-11-27 23:19 ` Kees Cook
2017-11-27 23:19 ` Kees Cook
2017-11-27 23:35 ` Linus Torvalds
2017-11-27 23:35 ` [kernel-hardening] " Linus Torvalds
2017-11-27 23:35 ` Linus Torvalds
2017-11-27 23:35 ` Linus Torvalds
2017-11-28 1:23 ` Kees Cook
2017-11-28 1:23 ` [kernel-hardening] " Kees Cook
2017-11-28 1:23 ` Kees Cook
2017-11-28 1:23 ` Kees Cook
2017-11-28 12:16 ` [kernel-hardening] " Geo Kozey
2017-11-28 12:16 ` Geo Kozey
2017-11-28 12:16 ` Geo Kozey
2017-11-28 19:32 ` Theodore Ts'o
2017-11-28 19:32 ` Theodore Ts'o
2017-11-28 19:32 ` Theodore Ts'o
2017-11-28 20:08 ` Kees Cook
2017-11-28 20:08 ` Kees Cook
2017-11-28 20:08 ` Kees Cook
2017-11-28 20:12 ` Linus Torvalds
2017-11-28 20:12 ` Linus Torvalds
2017-11-28 20:12 ` Linus Torvalds
2017-11-28 20:20 ` Kees Cook
2017-11-28 20:20 ` Kees Cook
2017-11-28 20:20 ` Kees Cook
2017-11-28 20:33 ` Linus Torvalds
2017-11-28 20:33 ` Linus Torvalds
2017-11-28 20:33 ` Linus Torvalds
2017-11-28 21:10 ` Djalal Harouni
2017-11-28 21:10 ` Djalal Harouni
2017-11-28 21:10 ` Djalal Harouni
2017-11-28 21:33 ` Kees Cook
2017-11-28 21:33 ` Kees Cook
2017-11-28 21:33 ` Kees Cook
2017-11-28 23:23 ` Theodore Ts'o
2017-11-28 23:23 ` Theodore Ts'o
2017-11-28 23:23 ` Theodore Ts'o
2017-11-28 23:29 ` Kees Cook
2017-11-28 23:29 ` Kees Cook
2017-11-28 23:29 ` Kees Cook
2017-11-28 23:49 ` Theodore Ts'o
2017-11-28 23:49 ` Theodore Ts'o
2017-11-28 23:49 ` Theodore Ts'o
2017-11-29 0:18 ` Kees Cook
2017-11-29 0:18 ` Kees Cook
2017-11-29 0:18 ` Kees Cook
2017-11-29 6:36 ` Theodore Ts'o
2017-11-29 6:36 ` Theodore Ts'o
2017-11-29 6:36 ` Theodore Ts'o
2017-11-29 14:46 ` Geo Kozey
2017-11-29 14:46 ` Geo Kozey
2017-11-29 14:46 ` Geo Kozey
2017-12-01 15:22 ` Marcus Meissner
2017-12-01 15:22 ` Marcus Meissner
2017-12-01 15:22 ` Marcus Meissner
2017-11-28 23:53 ` Djalal Harouni
2017-11-28 23:53 ` Djalal Harouni
2017-11-28 23:53 ` Djalal Harouni
2017-11-28 21:51 ` Geo Kozey
2017-11-28 21:51 ` Geo Kozey
2017-11-28 21:51 ` Geo Kozey
2017-11-28 23:51 ` Linus Torvalds
2017-11-28 23:51 ` Linus Torvalds
2017-11-28 23:51 ` Linus Torvalds
2017-11-29 0:17 ` Linus Torvalds
2017-11-29 0:17 ` Linus Torvalds
2017-11-29 0:17 ` Linus Torvalds
2017-11-29 0:26 ` Kees Cook
2017-11-29 0:26 ` Kees Cook
2017-11-29 0:26 ` Kees Cook
2017-11-29 0:50 ` Linus Torvalds
2017-11-29 0:50 ` Linus Torvalds
2017-11-29 0:50 ` Linus Torvalds
2017-11-29 4:26 ` Eric W. Biederman
2017-11-29 4:26 ` Eric W. Biederman
2017-11-29 4:26 ` Eric W. Biederman
2017-11-29 18:30 ` Kees Cook
2017-11-29 18:30 ` Kees Cook
2017-11-29 18:30 ` Kees Cook
2017-11-29 18:46 ` Linus Torvalds
2017-11-29 18:46 ` Linus Torvalds
2017-11-29 18:46 ` Linus Torvalds
2017-11-29 18:53 ` Linus Torvalds
2017-11-29 18:53 ` Linus Torvalds
2017-11-29 18:53 ` Linus Torvalds
2017-11-29 21:17 ` Kees Cook
2017-11-29 21:17 ` Kees Cook
2017-11-29 21:17 ` Kees Cook
2017-11-29 22:14 ` Linus Torvalds
2017-11-29 22:14 ` Linus Torvalds
2017-11-29 22:14 ` Linus Torvalds
2017-11-30 0:44 ` Kees Cook
2017-11-30 0:44 ` Kees Cook
2017-11-30 0:44 ` Kees Cook
2017-11-30 2:08 ` Linus Torvalds
2017-11-30 2:08 ` Linus Torvalds
2017-11-30 2:08 ` Linus Torvalds
2017-11-30 6:51 ` Daniel Micay
2017-11-30 6:51 ` Daniel Micay
2017-11-30 6:51 ` Daniel Micay
2017-11-30 8:50 ` Djalal Harouni
2017-11-30 8:50 ` Djalal Harouni
2017-11-30 8:50 ` Djalal Harouni
2017-11-30 14:16 ` Theodore Ts'o
2017-11-30 14:16 ` Theodore Ts'o
2017-11-30 14:16 ` Theodore Ts'o
2017-11-30 14:51 ` Djalal Harouni [this message]
2017-11-30 14:51 ` Djalal Harouni
2017-11-30 14:51 ` Djalal Harouni
2017-12-01 6:39 ` Daniel Micay
2017-12-01 6:39 ` Daniel Micay
2017-12-01 6:39 ` Daniel Micay
2017-11-29 15:28 ` Geo Kozey
2017-11-29 15:28 ` Geo Kozey
2017-11-29 15:28 ` Geo Kozey
2017-11-27 18:41 ` [PATCH v5 next 0/5] Improve Module autoloading infrastructure Linus Torvalds
2017-11-27 18:41 ` [kernel-hardening] " Linus Torvalds
2017-11-27 18:41 ` Linus Torvalds
2017-11-27 18:41 ` Linus Torvalds
2017-11-27 19:02 ` Linus Torvalds
2017-11-27 19:02 ` [kernel-hardening] " Linus Torvalds
2017-11-27 19:02 ` Linus Torvalds
2017-11-27 19:02 ` Linus Torvalds
2017-11-27 19:12 ` Linus Torvalds
2017-11-27 19:12 ` [kernel-hardening] " Linus Torvalds
2017-11-27 19:12 ` Linus Torvalds
2017-11-27 19:12 ` Linus Torvalds
2017-11-27 21:31 ` Djalal Harouni
2017-11-27 21:31 ` [kernel-hardening] " Djalal Harouni
2017-11-27 21:31 ` Djalal Harouni
2017-11-27 21:31 ` Djalal Harouni
2017-11-27 19:14 ` David Miller
2017-11-27 19:14 ` [kernel-hardening] " David Miller
2017-11-27 19:14 ` David Miller
2017-11-27 22:31 ` James Morris
2017-11-27 22:31 ` [kernel-hardening] " James Morris
2017-11-27 22:31 ` James Morris
2017-11-27 23:04 ` Kees Cook
2017-11-27 23:04 ` [kernel-hardening] " Kees Cook
2017-11-27 23:04 ` Kees Cook
2017-11-27 23:44 ` James Morris
2017-11-27 23:44 ` [kernel-hardening] " James Morris
2017-11-27 23:44 ` James Morris
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAEiveUcqVpV0592caA2wGRcvf6aWGX4XSAx+PLrh53VbAK=rYw@mail.gmail.com' \
--to=tixxdz@gmail.com \
--cc=danielmicay@gmail.com \
--cc=jeyu@kernel.org \
--cc=keescook@chromium.org \
--cc=kernel-hardening@lists.openwall.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.