Received: by 2002:a05:7412:98c1:b0:fa:551:50a7 with SMTP id kc1csp208219rdb;
        Fri, 5 Jan 2024 07:24:24 -0800 (PST)
X-Google-Smtp-Source: AGHT+IHNEfWMGb9LujF2M4GZ9u3L4Ypvb+wk/PVeve4gWip7VKNxjL60PUzdg46ibQJOphxLRlmK
X-Received: by 2002:a17:90a:f3d8:b0:28c:b3a0:f108 with SMTP id ha24-20020a17090af3d800b0028cb3a0f108mr2107249pjb.43.1704468264374;
        Fri, 05 Jan 2024 07:24:24 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1704468264; cv=none;
        d=google.com; s=arc-20160816;
        b=T0C85Ylkae+wdNVxpk1ZE6I3fEMp+6A7mRiAl9hwQKbyEcx9c/Vx0YxQLMLHBVFgr/
         PTFZGkj1OL78lmxVnpBAeDx9JA4Nfo7MWSRPHFIB9cR2xOShF+2LaYcd9Mhj57syQJk4
         +mXdkZDfBiQVUovlPG2+sHu+VcVViyZD/BptpXva3m7zr9V9c8shAzgewP9kM/2Xm9nQ
         k1WsjBsLK4/xWkE+5AuQX51tEzbwj6OcolrrTN5jz52HP4S0gxbqH9rke/Bp+vRAxvJ4
         KXSssl+PSnun+Y1g/x0hscDFuBHFv+SBPhH1j87aOKHVA1xmUGrF2WQHlgpo1pL4J96+
         jUqg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=in-reply-to:content-transfer-encoding:content-disposition
         :mime-version:list-unsubscribe:list-subscribe:list-id:precedence
         :references:message-id:subject:cc:to:from:date:dkim-signature;
        bh=C8cTJ9cF7f7kjCtZvPbtjoizYwOtu5qwKSGBqgmK7tc=;
        fh=2Z7z7uxTFTYdsUrRfyguSiocrEDMzoUep7yBntQmkpw=;
        b=KbkE9FhQG+qzkieGenEoyQTYz7CpZ8Y+18wZWh9IcbeI+x5qlFcnbi4GyaVRdO9JAq
         CBLw4BjVcbPeFsynafdDE9N2hW+PIcO3vTN9vDCSH7MDHpUzoD6pZScZe2kki2iBBHNe
         Uc2XjgKt2BQJzP3Ew1LGx53Ok0+3Vwd9KDb2qsA+0iLqtoDQxyOIqUlQ937N6NBVG3hC
         QlreD5epqmXUdWqnot1RfdMfFMg+SS1+MNslSAjWQKHP5uXKL19CrNnilWkKmMxrI6/q
         CrxXIgzT2NxvS62xCZmp368pe/cHkrel63T8sukiT8omQxm3Bw4LEm64GiSZV4oS63lf
         LlhA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@suse.com header.s=google header.b=g7t5q+CV;
       spf=pass (google.com: domain of linux-kernel+bounces-17995-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-17995-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=suse.com
Return-Path: <linux-kernel+bounces-17995-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [2604:1380:45e3:2400::1])
        by mx.google.com with ESMTPS id d12-20020a17090ab30c00b0028c708ae57csi961704pjr.69.2024.01.05.07.24.24
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 05 Jan 2024 07:24:24 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel+bounces-17995-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) client-ip=2604:1380:45e3:2400::1;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@suse.com header.s=google header.b=g7t5q+CV;
       spf=pass (google.com: domain of linux-kernel+bounces-17995-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-17995-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=suse.com
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by sv.mirrors.kernel.org (Postfix) with ESMTPS id 01354284F06
	for <linux.lists.archive@gmail.com>; Fri,  5 Jan 2024 15:24:24 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id B0E102E63B;
	Fri,  5 Jan 2024 15:24:00 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=suse.com header.i=@suse.com header.b="g7t5q+CV"
X-Original-To: linux-kernel@vger.kernel.org
Received: from mail-ej1-f48.google.com (mail-ej1-f48.google.com [209.85.218.48])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id B23362E62C
	for <linux-kernel@vger.kernel.org>; Fri,  5 Jan 2024 15:23:57 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=suse.com
Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=suse.com
Received: by mail-ej1-f48.google.com with SMTP id a640c23a62f3a-a28a6cef709so185881866b.1
        for <linux-kernel@vger.kernel.org>; Fri, 05 Jan 2024 07:23:57 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=suse.com; s=google; t=1704468236; x=1705073036; darn=vger.kernel.org;
        h=in-reply-to:content-transfer-encoding:content-disposition
         :mime-version:references:message-id:subject:cc:to:from:date:from:to
         :cc:subject:date:message-id:reply-to;
        bh=C8cTJ9cF7f7kjCtZvPbtjoizYwOtu5qwKSGBqgmK7tc=;
        b=g7t5q+CVqeZp1q4d83VHDDjnuwIBAiBJJjV4Sr7gPQsJS7bzTEEl20LI8afEGjKo1i
         MDu2pj902Xuq4iRgVsDwxyYsztBc9d+kOtU3mRJo5VKEhaasltrirbXliDAabdsa+emo
         sLe/L2Bqt9h/97mCPgI0kDzu23Q+3Mo6RirhS4hN7SeXMuflG2YOJTl1cle86Qh9pEi6
         ME23YGG3ihPwcbw8e9x9LSdbvQcYk+zXQ5tt0tRLzw+ThPxJULA+TFoCMOLZlMVYErf0
         3ZC7pbu39JKSW56zSX9XsoPmJXzXiuQjSVNyRrwngDW5nb/oVZt00oFa8tLn+HVpZWK4
         N1wA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1704468236; x=1705073036;
        h=in-reply-to:content-transfer-encoding:content-disposition
         :mime-version:references:message-id:subject:cc:to:from:date
         :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=C8cTJ9cF7f7kjCtZvPbtjoizYwOtu5qwKSGBqgmK7tc=;
        b=LUzwgdKDtBrwNtEzI1tOiWiS3mD8qtSZPzkM2/lpfFbosL9RUaWdHwz1GWFSkc1Y5d
         rr/baoS0ls3bfnA44uZd0YfOP+82hNDeO6pqlvMKn8f4i2n2d+7jk8Z/bP2LLpaChL9K
         2YjeT3HZM56iSKUoMoEjy43YUPoMMvfWK+rOYCHH/EQuWoLypnI28UyBnjvv3ZECQVkm
         cpwbesCkeoExVnjuIbkOJXpDE163cDxcp8GfGUbULgKaARA8yQWJmqL2WqbOAWRnNTEI
         yd5c34qLAyJY4f7bkqTgO8VdM1+9d3kqptm9eKrhDOjY3izKc1EBPtvOrwHx97Zn586x
         4oNQ==
X-Gm-Message-State: AOJu0YwdEGhi0bQYdRw+Ya+libwPKMG4dEPmlt1UzAPJwFLdTnZ/dRgd
	iQNWLKtc+VNXce7mLfaiWAb0KkotV+VifQ==
X-Received: by 2002:a17:907:928b:b0:a27:5343:d3e8 with SMTP id bw11-20020a170907928b00b00a275343d3e8mr1511305ejc.97.1704468235960;
        Fri, 05 Jan 2024 07:23:55 -0800 (PST)
Received: from alley ([176.114.240.50])
        by smtp.gmail.com with ESMTPSA id h26-20020a1709066d9a00b00a26aea4942dsm966126ejt.123.2024.01.05.07.23.55
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 05 Jan 2024 07:23:55 -0800 (PST)
Date: Fri, 5 Jan 2024 16:23:53 +0100
From: Petr Mladek <pmladek@suse.com>
To: Theodore Ts'o <tytso@mit.edu>
Cc: Jingzi Meng <mengjingzi@iie.ac.cn>, gregkh@linuxfoundation.org,
	gpiccoli@igalia.com, john.ogness@linutronix.de,
	keescook@chromium.org, linux-hardening@vger.kernel.org,
	linux-kernel@vger.kernel.org, rostedt@goodmis.org,
	senozhatsky@chromium.org, tony.luck@intel.com
Subject: Re: [PATCH] cap_syslog: remove CAP_SYS_ADMIN when dmesg_restrict
Message-ID: <ZZgfCZKho2Dsv7VM@alley>
References: <2024010306-tweezers-skinhead-083e@gregkh>
 <20240105062007.26965-1-mengjingzi@iie.ac.cn>
 <20240105144944.GA246367@mit.edu>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <20240105144944.GA246367@mit.edu>

On Fri 2024-01-05 09:49:44, Theodore Ts'o wrote:
> On Fri, Jan 05, 2024 at 02:20:07PM +0800, Jingzi Meng wrote:
> > CAP_SYSLOG was separated from CAP_SYS_ADMIN and introduced in Linux
> > 2.6.37 (2010-11). For a long time, certain syslog actions required
> > CAP_SYS_ADMIN or CAP_SYSLOG. Maybe it’s time to officially remove
> > CAP_SYS_ADMIN for more fine-grained control.
> > 
> > CAP_SYS_ADMIN was once removed but added back for backwards
> > compatibility reasons. In commit 38ef4c2e437d ("syslog: check cap_syslog
> > when dmesg_restrict") (2010-12), CAP_SYS_ADMIN was no longer needed. And
> > in commit ee24aebffb75 ("cap_syslog: accept CAP_SYS_ADMIN for now")
> > (2011-02), it was accepted again. Since then, CAP_SYS_ADMIN has been
> > preserved.
> > 
> > Now that almost 13 years have passed, the legacy application may have
> > had enough time to be updated.
> 
> What testing have you done to make sure that this is OK?  "May have
> had enough time"?  That's not very reassuring?
> 
> Also, note that we can't actually reuse the bit position of
> CAP_SYS_ADMIN since it's likely that there may be pre-existing
> capability masks that are still using that position.  So there isn't
> all that much upside in trying to retire CAP_SYS_ADMIN --- if you as a
> system administrator think it's not too course, then just don't use
> it.
> 
> It's unclear to me what goal you have in trying to mess with the
> capability definitions?  Perhaps it might be useful if you were to
> explicitly state your goals in these proposals?

My understanding is that this patch is about reducing overlap of
capabilities.

Allowing the same thing with more capabilities seems to go against
the idea of separate capabilities.

Kernel has printed the warning for 13 years. It is a long
time to fix configuration for newly installed systems. And I doubt
that anyone is installing a new kernel on 13 year's old system.

IMHO, this fits into the category that it should be OK until
anyone complains. But I might miss something.

Best Regards,
Petr