Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1757741AbaJ2W0m (ORCPT ); Wed, 29 Oct 2014 18:26:42 -0400 Received: from mail.linuxfoundation.org ([140.211.169.12]:53433 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1757553AbaJ2W0k (ORCPT ); Wed, 29 Oct 2014 18:26:40 -0400 Date: Wed, 29 Oct 2014 15:25:31 -0700 From: Greg Kroah-Hartman To: Andy Lutomirski Cc: Linux API , "linux-kernel@vger.kernel.org" , John Stultz , Arnd Bergmann , Tejun Heo , Marcel Holtmann , Ryan Lortie , Bastien Nocera , David Herrmann , Djalal Harouni , simon.mcvittie@collabora.co.uk, daniel@zonque.org, alban.crequy@collabora.co.uk, javier.martinez@collabora.co.uk, Tom Gundersen Subject: Re: [PATCH 00/12] Add kdbus implementation Message-ID: <20141029222531.GA8129@kroah.com> References: <1414620056-6675-1-git-send-email-gregkh@linuxfoundation.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.23 (2014-03-12) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Oct 29, 2014 at 03:19:21PM -0700, Andy Lutomirski wrote: > On Wed, Oct 29, 2014 at 3:00 PM, Greg Kroah-Hartman > wrote: > > * Attachment of trustable metadata to each message on demand, such as > > the sending peer's timestamp, creds, auxgroups, comm, exe, cmdline, > > cgroup path, capabilities, security label, audit information, etc, > > each taken at the time the sender issued the ioctl to send the > > message. Which of those are actually recorded and attached is > > controlled by the receiving peer. > > I think that each piece of trustable metadata needs to be explicitly > opted-in to by the sender at the time of capture. Otherwise you're > asking for lots of information leaks and privilege escalations. This > is especially important given that some of the items in the current > list could be rather sensitive. You do have to opt-in for this information at time of capture, so I don't understand the issue here. This is the same type of thing that dbus does today, and I don't see the information leaks happening there, do you? thanks, greg k-h -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/