From: Austin S Hemmelgarn <ahferroin7@gmail.com>
To: "Theodore Ts'o" <tytso@mit.edu>,
Andy Lutomirski <luto@amacapital.net>,
Serge Hallyn <serge.hallyn@ubuntu.com>,
Kees Cook <keescook@chromium.org>,
Christoph Lameter <cl@linux.com>,
"Serge E. Hallyn" <serge@hallyn.com>,
Andrew Morton <akpm@linux-foundation.org>,
Richard Weinberger <richard.weinberger@gmail.com>,
LKML <linux-kernel@vger.kernel.org>,
Linus Torvalds <torvalds@linux-foundation.org>
Subject: Re: [KERNEL] [PATCH] Kernel 4.3 breaks security in systems using capabilities
Date: Tue, 10 Nov 2015 08:35:51 -0500 [thread overview]
Message-ID: <5641F2B7.9050408@gmail.com> (raw)
In-Reply-To: <20151110131907.GB2958@ikki.ethgen.ch>
[-- Attachment #1: Type: text/plain, Size: 1352 bytes --]
On 2015-11-10 08:19, Klaus Ethgen wrote:
> Hi Ted, hy others in this discussion,
>
> Am Di den 10. Nov 2015 um 13:40 schrieb Theodore Ts'o:
>> Whether or not that will be acceptable upstream, I don't know, mainly
>> because I think a strong case can be made that such a patch has an
>> audience of one, and adding more complexity here for an idea which has
>> been time-tested over decades to be a failure is just not a good idea.
>
> I wouldn't tell the implementation until now to be a failure. It helped
> a lot to keep a system sane. It is true that all distributions ignored
> capabilities completely but I don't think that is due the design.
I think it's mostly due to the fact that there are a lot of potential
security issues in using capabilities as implemented in Linux (and other
POSIX systems), and unlike chroot(), it's not as easy to protect against
stuff trying to bypass them while still keeping them useful. If you do a
web search you can relatively easily find info on how to use many of the
defined capabilities to get root-equivalent access (CAP_SYS_ADMIN and
CAP_SYS_MODULE are obvious, but many of the others can be used also if
you know what you are doing, for example CAP_DAC_OVERRIDE+CAP_SYS_BOOT
can be used on non-SecureBoot systems to force the system to reboot into
an arbitrary kernel).
[-- Attachment #2: S/MIME Cryptographic Signature --]
[-- Type: application/pkcs7-signature, Size: 3019 bytes --]
next prev parent reply other threads:[~2015-11-10 13:36 UTC|newest]
Thread overview: 41+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-11-02 18:06 Kernel 4.3 breaks security in systems using capabilities Klaus Ethgen
2015-11-02 18:38 ` Richard Weinberger
2015-11-02 18:50 ` Andy Lutomirski
2015-11-02 19:16 ` [KERNEL] " Klaus Ethgen
2015-11-02 19:45 ` Andy Lutomirski
2015-11-05 10:19 ` [KERNEL] " Klaus Ethgen
2015-11-05 16:15 ` Serge E. Hallyn
2015-11-05 17:17 ` [KERNEL] " Klaus Ethgen
2015-11-05 17:34 ` Serge E. Hallyn
2015-11-05 17:48 ` [KERNEL] " Klaus Ethgen
2015-11-05 19:01 ` Andy Lutomirski
2015-11-05 22:08 ` Serge E. Hallyn
2015-11-06 13:58 ` [KERNEL] " Klaus Ethgen
2015-11-06 15:53 ` Theodore Ts'o
2015-11-06 17:15 ` Andy Lutomirski
2015-11-06 17:51 ` Casey Schaufler
2015-11-06 18:05 ` Serge E. Hallyn
2015-11-06 17:56 ` [KERNEL] " Klaus Ethgen
2015-11-06 18:18 ` Serge E. Hallyn
2015-11-07 11:02 ` [KERNEL] " Klaus Ethgen
2015-11-08 17:05 ` Serge E. Hallyn
2015-11-09 16:28 ` Austin S Hemmelgarn
2015-11-09 17:23 ` [KERNEL] " Klaus Ethgen
2015-11-09 19:02 ` Austin S Hemmelgarn
2015-11-09 21:29 ` [KERNEL] " Klaus Ethgen
2015-11-10 0:06 ` Andy Lutomirski
2015-11-10 11:55 ` [KERNEL] " Klaus Ethgen
2015-11-10 12:40 ` Theodore Ts'o
2015-11-10 13:19 ` [KERNEL] [PATCH] " Klaus Ethgen
2015-11-10 13:35 ` Austin S Hemmelgarn [this message]
2015-11-10 17:58 ` [KERNEL] " Klaus Ethgen
2015-11-10 20:39 ` Austin S Hemmelgarn
2015-11-10 13:41 ` Klaus Ethgen
2015-11-11 2:04 ` Theodore Ts'o
2015-11-11 10:14 ` [KERNEL] " Klaus Ethgen
2015-11-11 10:54 ` Theodore Ts'o
2015-11-11 11:13 ` [KERNEL] " Klaus Ethgen
2015-11-10 15:25 ` [KERNEL] Re: [KERNEL] Re: [KERNEL] " Christoph Lameter
2015-11-05 16:19 ` Andy Lutomirski
2015-11-05 17:22 ` [KERNEL] " Klaus Ethgen
2015-11-02 18:52 ` Linus Torvalds
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5641F2B7.9050408@gmail.com \
--to=ahferroin7@gmail.com \
--cc=akpm@linux-foundation.org \
--cc=cl@linux.com \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=richard.weinberger@gmail.com \
--cc=serge.hallyn@ubuntu.com \
--cc=serge@hallyn.com \
--cc=torvalds@linux-foundation.org \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).