Date: Tue, 10 Nov 2015 12:55:27 +0100
From: Klaus Ethgen
To: Andy Lutomirski
Cc: Serge Hallyn, Kees Cook, Christoph Lameter, "Serge E. Hallyn", Andrew Morton, Richard Weinberger, "Theodore Ts'o", Austin S Hemmelgarn, LKML, Linus Torvalds
Subject: Re: [KERNEL] Re: [KERNEL] Re: [KERNEL] Re: Kernel 4.3 breaks security in systems using capabilities
Message-ID: <20151110115526.GA2958@ikki.ethgen.ch>

Hi Andy,

On Tue, 10 Nov 2015 at 1:06, Andy Lutomirski wrote:
> > So, answered that I get very frustrated. We talk about details that have
> > nothing to do with the main problem.
> > The main problem is that there is
> > no way to disable ambient capabilities or, even better, to _enable_ them
> > explicitly if needed. That is a real problem that exists now in the
> > kernel.
> >
> > Please focus on that problem!
>
> No, and I'm now done with this thread. Sorry.

Sad to hear that.

> You can use the securebit to turn them off if you care.

The problem is that this is not applicable here. Securebits are great for
stuff that is locked in. But here we talk about every process, every
thread in the system. There is simply no way to set securebits with
system start.

> You can tell other people that they write privileged programs in the
> wrong programming language if you like.

Hey, it is not about programming languages. I never said something in
that direction! I brought python programs for a bad example in
programming and how developers work. But that example can be made in any
language. Moreover, as python is a script language, I would not like it
at all, having any raised capabilities. And that is also valid for perl
that I like much more.

> No code change from me appears to be needed or warranted.

I could come up with a patch, adding a new capability for enabling
ambient capabilities. But as I do not have the full great kernel code
overview, I might miss some security relevant stuff here. That's why I
did not come up with a patch. However, when such a patch could have a
chance to get reviewed by some more experienced kernel hacker than I am
and if there would be a chance to get it into the kernel, I will come up
with such a patch.

Regards
   Klaus
--
Klaus Ethgen                              http://www.ethgen.ch/
pub  4096R/4E20AF1C 2011-05-16            Klaus Ethgen
Fingerprint: 85D4 CA42 952C 949B 1753  62B3 79D0 B06F 4E20 AF1C
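
The message above is concerned with ambient capabilities across "every process, every thread in the system". As an added example (not part of the original message or of any kernel code), the following audit helper lists the tasks whose ambient set is non-empty by decoding the `CapAmb` field of `/proc/<pid>/task/<tid>/status`. The sample status text, task names and ids are constructed for illustration.

```python
import glob

# Capability bit numbers 0..37, in the order of <linux/capability.h>.
CAP_NAMES = ["CAP_" + n for n in (
    "CHOWN DAC_OVERRIDE DAC_READ_SEARCH FOWNER FSETID KILL SETGID SETUID "
    "SETPCAP LINUX_IMMUTABLE NET_BIND_SERVICE NET_BROADCAST NET_ADMIN NET_RAW "
    "IPC_LOCK IPC_OWNER SYS_MODULE SYS_RAWIO SYS_CHROOT SYS_PTRACE SYS_PACCT "
    "SYS_ADMIN SYS_BOOT SYS_NICE SYS_RESOURCE SYS_TIME SYS_TTY_CONFIG MKNOD "
    "LEASE AUDIT_WRITE AUDIT_CONTROL SETFCAP MAC_OVERRIDE MAC_ADMIN SYSLOG "
    "WAKE_ALARM BLOCK_SUSPEND AUDIT_READ").split()]

def parse_status(text):
    """Split one /proc/<pid>/task/<tid>/status body into a field dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def decode_caps(hex_mask):
    """Decode a hex capability mask (e.g. the CapAmb value) into names."""
    mask = int(hex_mask, 16)
    names = [n for bit, n in enumerate(CAP_NAMES) if (mask >> bit) & 1]
    extra = mask >> len(CAP_NAMES) << len(CAP_NAMES)  # bits this table lacks
    return names + (["unknown:0x%x" % extra] if extra else [])

def ambient_report(status_texts):
    """Return (tid, name, caps) for every task with a non-empty ambient set."""
    report = []
    for text in status_texts:
        f = parse_status(text)
        caps = decode_caps(f.get("CapAmb", "0"))  # no CapAmb line: treat as empty
        if caps:
            report.append((int(f["Pid"]), f["Name"], caps))
    return report

def live_status_texts():
    """Yield the status text of every thread; tasks may exit mid-scan."""
    for path in glob.glob("/proc/[0-9]*/task/[0-9]*/status"):
        try:
            with open(path) as fh:
                yield fh.read()
        except OSError:
            continue

# Constructed sample input (hypothetical task names and ids), not real output.
SAMPLES = [
    "Name:\tsshd\nPid:\t812\nCapPrm:\t0000003fffffffff\nCapAmb:\t0000000000000000\n",
    "Name:\tnetmon-helper\nPid:\t4711\nCapPrm:\t0000000000003000\nCapAmb:\t0000000000003000\n",
]

if __name__ == "__main__":
    for tid, name, caps in ambient_report(SAMPLES):  # or live_status_texts()
        print(tid, name, ",".join(caps))
```

Passing `live_status_texts()` instead of `SAMPLES` scans the running system; reading other users' status files may require elevated privileges.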