From: Jann Horn
Date: Wed, 13 Nov 2019 17:40:33 +0100
Subject: Re: [PATCH] Allow restricting permissions in /proc/sys
To: Topi Miettinen
Cc: Luis Chamberlain, Kees Cook, Alexey Dobriyan, "linux-kernel@vger.kernel.org", "open list:FILESYSTEMS (VFS and infrastructure)", Linux API, Christian Brauner

On Wed, Nov 13, 2019 at 5:19 PM Topi Miettinen wrote:
> On 13.11.2019 18.00, Jann Horn wrote:
> > On Wed, Nov 13, 2019 at 12:22 AM Christian Brauner
> > wrote:
> >> On Sun, Nov 03, 2019 at 04:55:48PM +0200, Topi Miettinen wrote:
> >>> Several items in /proc/sys need not be accessible to unprivileged
> >>> tasks. Let the system administrator change the permissions, but only
> >>> to more restrictive modes than what the sysctl tables allow.
[...]
> > In kernel/ucount.c, the ->permissions handler set_permissions() grants
> > access based on whether the caller has CAP_SYS_RESOURCE. And in
> > net/sysctl_net.c, the handler net_ctl_permissions() grants access
> > based on whether the caller has CAP_NET_ADMIN. This added check is
> > going to break those, right?
> >
>
> Right. The comment above seems then a bit misleading:
> /*
>  * sysctl entries that are not writeable,
>  * are _NOT_ writeable, capabilities or not.
>  */

I don't see the problem. Those handlers never make a file writable
that doesn't have one of the three write bits (0222) set.
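
The property stated in the reply above, checked exhaustively in a userspace model. This is an added example, not code from the thread or from the kernel tree: the mode arithmetic is an assumed simplification of the two handlers named in the thread, and the `has_cap` flag is a hypothetical stand-in for their capability checks.

```c
#include <stdbool.h>
#include <stdio.h>

/* Assumed model of net_ctl_permissions(): a caller holding the capability
 * gets the owner's rwx bits copied to group and other; any other caller
 * gets the table mode unchanged. has_cap replaces the capability check. */
static int model_net_ctl_permissions(int table_mode, bool has_cap)
{
    if (has_cap) {
        int mode = (table_mode >> 6) & 7;
        return (mode << 6) | (mode << 3) | mode;
    }
    return table_mode;
}

/* Assumed model of set_permissions() in kernel/ucount.c: a capable caller
 * gets the owner bits, everyone else at most the "other read" bit. */
static int model_set_permissions(int table_mode, bool has_cap)
{
    int mode = has_cap ? (table_mode & 0700) >> 6 : table_mode & 0004;
    return (mode << 6) | (mode << 3) | mode;
}

/* Walk every table mode without a write bit (mode & 0222 == 0) and count
 * the cases where a handler would still report a write bit. */
static int count_write_escalations(void)
{
    int bad = 0;
    for (int m = 0; m <= 0777; m++) {
        if (m & 0222)
            continue;
        for (int cap = 0; cap <= 1; cap++) {
            if (model_net_ctl_permissions(m, cap) & 0222)
                bad++;
            if (model_set_permissions(m, cap) & 0222)
                bad++;
        }
    }
    return bad;
}

int main(void)
{
    printf("net 0644 with cap    -> %04o\n", model_net_ctl_permissions(0644, true));
    printf("net 0444 with cap    -> %04o\n", model_net_ctl_permissions(0444, true));
    printf("ucount 0644 no cap   -> %04o\n", model_set_permissions(0644, false));
    printf("write escalations    -> %d\n", count_write_escalations());
    return 0;
}
```

In this model a capable caller can see group/other bits widened (0644 becomes 0666), but only bits the owner already had, so an entry with no write bit stays unwritable for every caller.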