Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1752035AbbKJLzh (ORCPT <rfc822;w@1wt.eu>);
	Tue, 10 Nov 2015 06:55:37 -0500
Received: from tschil.ethgen.ch ([5.9.7.51]:35502 "EHLO tschil.ethgen.ch"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1750906AbbKJLzf (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
	Tue, 10 Nov 2015 06:55:35 -0500
Date: Tue, 10 Nov 2015 12:55:27 +0100
From: Klaus Ethgen <Klaus+lkml@ethgen.de>
To: Andy Lutomirski <luto@amacapital.net>
Cc: Serge Hallyn <serge.hallyn@ubuntu.com>, Kees Cook <keescook@chromium.org>,
        Christoph Lameter <cl@linux.com>, "Serge E. Hallyn" <serge@hallyn.com>,
        Andrew Morton <akpm@linux-foundation.org>,
        Richard Weinberger <richard.weinberger@gmail.com>,
        "Theodore Ts'o" <tytso@mit.edu>,
        Austin S Hemmelgarn <ahferroin7@gmail.com>,
        LKML <linux-kernel@vger.kernel.org>,
        Linus Torvalds <torvalds@linux-foundation.org>
Subject: Re: [KERNEL] Re: [KERNEL] Re: [KERNEL] Re: Kernel 4.3 breaks
 security in systems  using capabilities
Message-ID: <20151110115526.GA2958@ikki.ethgen.ch>
Mail-Followup-To: Andy Lutomirski <luto@amacapital.net>,
	Serge Hallyn <serge.hallyn@ubuntu.com>,
	Kees Cook <keescook@chromium.org>, Christoph Lameter <cl@linux.com>,
	"Serge E. Hallyn" <serge@hallyn.com>,
	Andrew Morton <akpm@linux-foundation.org>,
	Richard Weinberger <richard.weinberger@gmail.com>,
	Theodore Ts'o <tytso@mit.edu>,
	Austin S Hemmelgarn <ahferroin7@gmail.com>,
	LKML <linux-kernel@vger.kernel.org>,
	Linus Torvalds <torvalds@linux-foundation.org>
References: <20151106135835.GB11901@ikki.ethgen.ch>
 <20151106155303.GB6160@thunk.org>
 <20151106175619.GA19491@ikki.ethgen.ch>
 <20151106181820.GB16749@mail.hallyn.com>
 <20151107110246.GA7230@ikki.ethgen.ch>
 <5640C999.5050807@gmail.com>
 <20151109172340.GF3714@ikki.ethgen.ch>
 <5640EDB4.70407@gmail.com>
 <20151109212937.GA17624@ikki.ethgen.ch>
 <CALCETrUE5FwqtCBMq8+K6owwTn0vhdHjO0TzoMKhN6_vaNSRhw@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1; x-action=pgp-signed
In-Reply-To: <CALCETrUE5FwqtCBMq8+K6owwTn0vhdHjO0TzoMKhN6_vaNSRhw@mail.gmail.com>
OpenPGP: id=79D0B06F4E20AF1C;
 url=http://www.ethgen.ch/~klaus/79D0B06F4E20AF1C.txt; preference=signencrypt
User-Agent: Mutt/1.5.24 (2015-08-30)
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 2919
Lines: 73

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi Andy,

Am Di den 10. Nov 2015 um  1:06 schrieb Andy Lutomirski:
> > So, answered that I get very frustrated. We talk about details that have
> > nothing to do with the main problem. The main problem is that there is
> > no way to disable ambient capabilities or, even better, to _enable_ them
> > explicitly if needed. That is a real problem that exists now in the
> > kernel.
> >
> > Please focus on that problem!
> 
> No, and I'm now done with this thread.  Sorry.

Sad to hear that.

> You can use the securebit to turn them off if you care.

The problem is that this is not applyable here. Securebits are great for
stuff that is locked in. But here we talk about every process, every
thread in the system. There is simply no way to set securebits with
system start.

> You can tell other people that they write privileged programs in the
> wrong programming language if you like.

Hey, it is not about programming languages. I never said something in
that direction!

I brought python programs for a bad example in programming and how
developers work. But that example can be made in any language. Moreover,
as python is a script language, I would not like it at all, having any
raised capabilities. And that is also valid for perl that I like much
more.

> No code change from me appears to be needed or warranted.

I could come up with a patch, adding a new capability for enabling
ambient capabilities. But as I do not have the full great kernel code
overview, I might miss some security relevant stuff here. Thats why I do
not came up with a patch.

However, when such a patch could have a change to get reviewed my some
more experienced kernel hacker than I am and if there would be a change
to get it into the kernel, I will come up with such a patch.

Regards
   Klaus
- -- 
Klaus Ethgen                              http://www.ethgen.ch/
pub  4096R/4E20AF1C 2011-05-16   Klaus Ethgen <Klaus@Ethgen.ch>
Fingerprint: 85D4 CA42 952C 949B 1753  62B3 79D0 B06F 4E20 AF1C
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQGbBAEBCgAGBQJWQdspAAoJEKZ8CrGAGfas8B8L+J66vXjZFyxnSjW5iE0mLSS/
CB0kQ9Capyb5eLsDWcjTi+DmO1xTQS+LRJ77HClX6yQUUNTjn4d/kkDtNhm64sER
d0KRvn/B2kOBNhDU1WZ4CELzazaRFMhDEYxNIy4JXuJawB1CDv5O92gjFZ2NjNSp
KN8fP3CaecNJ4d/dBMCPwCPyAKIfm8fwSvHQaI1yguP2MMe2gMtken59+PEbKoqr
m0Y5nJFuZ+LfSedTJdzbINQtmh0iFXEL4hNYaJnz7QyK4wsqwcBET9CZSK2twtsZ
EyxtFizL363ubFdrmdzBZjziC48+U00KEh1Zgrf6xgqvkWcp0KL1v9Fg0kgA5pUa
SNIei5oVDce8sAWerkpqRO+gvvw9mSzGusv7YkDuoRiw8Q1Z42X0Ro5Lyedff2X4
0nRMMH1lU20oJhemUk4X3E9SN2ZxZ4Xwa4OjhWuSUMeLOIEo+ssflFVhFPv45qpr
CHjBZAvfBuiZfkobm6duXrvSX5rtqbf2fGb4fBV0
=518a
-----END PGP SIGNATURE-----
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/