From: Austin S Hemmelgarn
Date: Tue, 21 Apr 2015 15:55:17 -0400
To: Matthew Garrett, Eric W. Biederman
CC: Tom Gundersen, Jiri Kosina, Greg Kroah-Hartman, Andy Lutomirski, Linus Torvalds, Andrew Morton, Arnd Bergmann, One Thousand Gnomes, linux-kernel@vger.kernel.org, Daniel Mack, David Herrmann, Djalal Harouni
Subject: Re: [GIT PULL] kdbus for 4.1-rc1
Message-ID: <5536AB25.5020106@gmail.com>
In-Reply-To: <20150421193852.GA12633@srcf.ucam.org>

On 2015-04-21 15:38, Matthew Garrett wrote:
> On Tue, Apr 21, 2015 at 11:36:54AM -0500, Eric W. Biederman wrote:
>>
>> HeHeHe. You mean all I need to do to get around all of the logging servers is
>> capture CAP_SYS_BOOT? Say, like just capture this crazy watchdog program
>> that doesn't run as root so that it can only reboot the system? HeHeHe
>> So I can just trigger a clean reboot, wait for journald, auditd, and
>> syslog all to shut down, and then do evil things to the machine without
>> having to worry about erasing forensic evidence?
>
> CAP_SYS_BOOT gives you kexec, and kexec with init=/bin/sh lets you do
> anything. You added that in dc009d92435f99498cbc579ce76bf28e837e2c14 and
> now the horse is long gone. Don't give CAP_SYS_BOOT to anything you
> don't trust with full privileges.
>
The point is that Eric's suggestion works even on kernels without
kexec(), which is significant because a significant number of
security-minded people (myself included) explicitly disable kexec in
their kernel configuration.
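The two checks an administrator would want after reading this exchange are (a) which processes actually hold CAP_SYS_BOOT, the capability both Eric and Matthew are talking about, and (b) whether kexec is reachable on the running kernel, which is what Austin's reply hinges on. The script below is an added example, not code from the thread or from the kernel tree: it decodes the CapEff/CapPrm hex masks in /proc/<pid>/status (CAP_SYS_BOOT is bit 22 in include/uapi/linux/capability.h), walks /proc for holders, and reports whether /sys/kernel/kexec_loaded exists (kexec support compiled in) and whether the kexec_load_disabled sysctl is set. The embedded status texts are constructed samples; the process names in them are hypothetical.

```python
"""Audit CAP_SYS_BOOT holders and kexec reachability on a Linux host.

Added example, not part of the LKML thread or the kernel's own tooling.
Interfaces read (all standard, but their presence depends on the kernel config):
  /proc/<pid>/status                    CapEff / CapPrm hex masks
  /sys/kernel/kexec_loaded              present when kexec support is compiled in
  /proc/sys/kernel/kexec_load_disabled  "1" once kexec_load() has been disabled
"""
import os
import re
from typing import Dict, List, Optional

# Bit indices from include/uapi/linux/capability.h.
CAP_SYS_ADMIN = 21
CAP_SYS_BOOT = 22   # reboot(2) and kexec_load(2)

_CAP_RE = re.compile(r"^Cap(Eff|Prm|Inh|Bnd|Amb):\s*([0-9a-fA-F]+)\s*$", re.M)


def parse_caps(status_text: str) -> Dict[str, int]:
    """Return {'Eff': mask, 'Prm': mask, ...} parsed from a /proc/<pid>/status body."""
    return {m.group(1): int(m.group(2), 16) for m in _CAP_RE.finditer(status_text)}


def has_cap(mask: int, cap: int) -> bool:
    """True if capability bit `cap` is set in `mask`."""
    return bool(mask & (1 << cap))


def audit_status(status_text: str) -> Optional[dict]:
    """Summarise one status file; None if it carries no CapEff line."""
    caps = parse_caps(status_text)
    if "Eff" not in caps:
        return None
    name = re.search(r"^Name:\s*(.*)$", status_text, re.M)
    uid = re.search(r"^Uid:\s*(\d+)", status_text, re.M)   # first field = real uid
    return {
        "name": name.group(1).strip() if name else "?",
        "uid": int(uid.group(1)) if uid else -1,
        "sys_boot_effective": has_cap(caps["Eff"], CAP_SYS_BOOT),
        "sys_boot_permitted": has_cap(caps.get("Prm", 0), CAP_SYS_BOOT),
        "sys_admin_effective": has_cap(caps["Eff"], CAP_SYS_ADMIN),
    }


def find_sys_boot_holders(proc_root: str = "/proc") -> List[dict]:
    """Walk /proc and return every process whose effective set includes CAP_SYS_BOOT."""
    found = []
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, entry, "status")) as fh:
                info = audit_status(fh.read())
        except OSError:          # process exited, or we may not read it
            continue
        if info and info["sys_boot_effective"]:
            info["pid"] = int(entry)
            found.append(info)
    return found


def kexec_state(proc: str = "/proc", sys: str = "/sys") -> dict:
    """Report whether kexec is compiled in and whether kexec_load is disabled by sysctl."""
    state = {
        "kexec_built_in": os.path.exists(os.path.join(sys, "kernel", "kexec_loaded")),
        "kexec_load_disabled": None,   # None = sysctl absent (kernel too old or no kexec)
    }
    try:
        with open(os.path.join(proc, "sys", "kernel", "kexec_load_disabled")) as fh:
            state["kexec_load_disabled"] = fh.read().strip() == "1"
    except OSError:
        pass
    return state


# Constructed sample status bodies (hypothetical processes, not captured output).
SAMPLE_WATCHDOG = (   # unprivileged daemon granted only CAP_SYS_BOOT: the case Eric describes
    "Name:\tsample-watchdog\nUid:\t1001\t1001\t1001\t1001\n"
    "CapInh:\t0000000000000000\nCapPrm:\t0000000000400000\n"
    "CapEff:\t0000000000400000\nCapBnd:\t0000003fffffffff\n"
)
SAMPLE_ROOT = (
    "Name:\tsample-root\nUid:\t0\t0\t0\t0\n"
    "CapPrm:\t0000003fffffffff\nCapEff:\t0000003fffffffff\n"
)
SAMPLE_UNPRIV = (
    "Name:\tsample-shell\nUid:\t1000\t1000\t1000\t1000\n"
    "CapPrm:\t0000000000000000\nCapEff:\t0000000000000000\n"
)


def audit_samples() -> List[dict]:
    """Run the audit over the constructed samples; returns only the CAP_SYS_BOOT holders."""
    results = [audit_status(s) for s in (SAMPLE_WATCHDOG, SAMPLE_ROOT, SAMPLE_UNPRIV)]
    return [r for r in results if r and r["sys_boot_effective"]]


if __name__ == "__main__":
    for r in find_sys_boot_holders():
        print(f"pid {r['pid']:>6} uid {r['uid']:>5} {r['name']:<20} "
              f"CAP_SYS_BOOT eff={r['sys_boot_effective']} CAP_SYS_ADMIN eff={r['sys_admin_effective']}")
    print("kexec:", kexec_state())
```

A non-root process that shows CAP_SYS_BOOT without CAP_SYS_ADMIN is exactly the "watchdog that can only reboot" in Eric's scenario; whether that entry is a problem depends on whether `kexec_built_in` is False (Austin's configuration) or `kexec_load_disabled` is True, and on whether a clean shutdown of journald/auditd/syslog is acceptable for that host's forensic requirements.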