From: Mahesh Bandewar (महेश बंडेवार)
Date: Fri, 10 Nov 2017 14:28:04 +0900
Subject: Re: [kernel-hardening] Re: [PATCH resend 2/2] userns: control capabilities of some user namespaces
To: "Serge E. Hallyn"
Cc: "Eric W. Biederman", Christian Brauner, Boris Lukashev, Daniel Micay, Mahesh Bandewar, LKML, Netdev, Kernel-hardening, Linux API, Kees Cook, Eric Dumazet, David Miller
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, Nov 10, 2017 at 1:46 PM, Serge E. Hallyn wrote:
> Quoting Eric W. Biederman (ebiederm@xmission.com):
>> single sandbox. I am not at all certain that the capabilities is the
>> proper place to limit code reachability.
>
> Right, I keep having this gut feeling that there is another way we
> should be doing that. Maybe based on ksplice or perf, or maybe more
> based on subsystems. And I hope someone pursues that. But I can't put
> my finger on it, and meanwhile the capability checks obviously *are* in
> fact gates...
>
Well, I don't mind if there is a better solution available. The
proposed solution is not adding too much or complex code and using a
bit and a sysctl and will be sitting dormant. When we have a complete
solution, this addition should not be a burden to maintain because of
its non-invasive footprint.

I will push the next version of the patch-set that implements Serge's
finding.

Thanks,
--mahesh..

[PS: I'll be soon traveling again and moving to an area where
connectivity will be scarce / unreliable. So please expect a lot more
delays in my responses.]

> -serge