From: Djalal Harouni
Date: Mon, 27 Nov 2017 22:31:54 +0100
Subject: Re: [PATCH v5 next 0/5] Improve Module autoloading infrastructure
To: Linus Torvalds
Cc: Kees Cook, Andy Lutomirski, Andrew Morton, "Luis R. Rodriguez", James Morris, Ben Hutchings, Solar Designer, Serge Hallyn, Jessica Yu, Rusty Russell, Linux Kernel Mailing List, LSM List, kernel-hardening@lists.openwall.com, Jonathan Corbet, Ingo Molnar, "David S. Miller", Network Development, Peter Zijlstra
References: <1511803118-2552-1-git-send-email-tixxdz@gmail.com>
List-ID: linux-kernel@vger.kernel.org

Hi Linus,

On Mon, Nov 27, 2017 at 8:12 PM, Linus Torvalds wrote:
> On Mon, Nov 27, 2017 at 11:02 AM, Linus Torvalds wrote:
>>
>> Now, the above will not necessarily work with a legacy /dev/ directory
>> where all the nodes have been pre-populated, and opening the device
>> node is supposed to load the module. So _historically_ we did indeed
>> load modules as normal users. But does that really happen any more?
>
> Sadly, it looks like bluetoothd actually does expect to load the
> bt-proto-XYZ modules with no capabilities at all.
>
> So apparently we really do depend on not needing capabilities for
> module loading.
>
> Oh well.
Yes, DCCP is unprivileged, tun and all tunneling, some md drivers, some crypto, and device drivers... fs modules can be loaded inside user namespaces, and maybe when some request requires external symbols too... However tunneling helps to solve real use cases, so that's why the backward compatibility and opt-in.

I do perfectly understand that opt-in is not the best choice; however, this patchset includes a per process tree, and given that a lot of code is running in containers and sandboxes, it is better than nothing. I will follow up later with patches to the major ones, especially when we force the flag by default.

Ubuntu was said to be owned in a past security contest due to this kind of thing, and now since they have Ubuntu snaps or apps they can set the flag, and others will follow.

Thanks!

> Linus

--
tixxdz
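The thread above notes that protocol modules such as DCCP are autoloaded on behalf of unprivileged processes. A common defender-side mitigation until a kernel-level opt-in exists is a modprobe.d policy that turns those autoload requests into no-ops; the script below is an added example, not code from the thread or the patchset, and its module list is constructed (dccp is the one named in the thread; the other entries are assumed for illustration).

```shell
#!/bin/sh
# Added example (not from the thread): pin a modprobe.d policy that makes
# autoload of rarely needed protocol modules fail, then audit for it.
# MODULES is a constructed list; dccp comes from the thread, the rest are assumed.
MODULES="dccp sctp rds tipc"

# Write one `install <module> /bin/false` line per module into the given file.
# modprobe then runs /bin/false instead of loading the module, so an autoload
# request triggered by an unprivileged socket() call fails instead of loading.
write_modprobe_policy() {
    out="$1"
    : > "$out"
    for m in $MODULES; do
        printf 'install %s /bin/false\n' "$m" >> "$out"
    done
}

# Count listed modules that have NO install-to-false/true rule in any
# *.conf under the given directory (pass /etc/modprobe.d on a live system).
count_unpinned() {
    dir="$1"; n=0
    for m in $MODULES; do
        if ! grep -qsE "^install[[:space:]]+$m[[:space:]]+/bin/(false|true)" "$dir"/*.conf; then
            n=$((n+1))
        fi
    done
    echo "$n"
}

# Count listed modules that are currently loaded according to a
# /proc/modules-style file (pass /proc/modules on a live system).
count_loaded() {
    procmods="$1"; n=0
    for m in $MODULES; do
        if grep -qs "^$m " "$procmods"; then
            n=$((n+1))
        fi
    done
    echo "$n"
}
```

Run `count_unpinned /etc/modprobe.d` and `count_loaded /proc/modules` on a host to see how many of the listed modules are still autoloadable and how many are already resident; a non-zero result from either is the finding to act on.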