Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755622AbZLXGLW (ORCPT ); Thu, 24 Dec 2009 01:11:22 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1753923AbZLXGLU (ORCPT ); Thu, 24 Dec 2009 01:11:20 -0500 Received: from lists.laptop.org ([18.85.2.145]:51343 "EHLO mail.laptop.org" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1752174AbZLXGLT (ORCPT ); Thu, 24 Dec 2009 01:11:19 -0500 Date: Thu, 24 Dec 2009 01:13:23 -0500 From: Michael Stone To: "Eric W. Biederman" Cc: linux-kernel@vger.kernel.org, netdev@vger.kernel.org, linux-security-module@vger.kernel.org, Andi Kleen , David Lang , Oliver Hartkopp , Alan Cox , Herbert Xu , Valdis Kletnieks , Bryan Donlan , Evgeniy Polyakov , "C. Scott Ananian" , James Morris , "Eric W. Biederman" , Bernie Innocenti , Mark Seaborn , Randy Dunlap , =?iso-8859-1?Q?Am=E9rico?= Wang , Michael Stone Subject: Re: [PATCH 1/3] Security: Add prctl(PR_{GET,SET}_NETWORK) Message-ID: <20091224061322.GB24396@heat> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.18 (2008-05-17) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1986 Lines: 50 > Eric Biederman writes: >> Alan Cox writes: >>> Michael Stone writes: >>>> the LSM-based version *does not* resolve the situation to my satisfaction as a >>>> userland hacker due to the well-known and long-standing adoption and >>>> compositionality problems facing small LSMs. ;) >>> >>> For things like Fedora it's probably an "interesting idea, perhaps we >>> should do it using SELinux" sort of problem, but a config option for a >>> magic network prctl is also going to be hard to adopt without producing a >>> good use case - and avoiding that by dumping crap into everyones kernel >>> fast paths isn't a good idea either. > >If I understand the problem the goal is to disable access to ipc >mechanism that don't have the usual unix permissions. To get >something that is usable for non-root processes, and to get something >that is widely deployed so you don't have to jump through hoops in >end user applications to use it. Eric, You understand correctly. Thank you for this cogent restatement. >We have widely deployed mechanisms that are what you want or nearly >what you want already in the form of the various namespaces built for >containers. It's true that your work is closer to what I want than anything else that I've seen so far... >I propose you introduce a permanent disable of executing suid >applications. I'm open to the idea but I don't understand the need that motivates it yet. Could you please explain further? (or point me to an existing explanation?) >After which point it is another trivial patch to allow unsharing of >the network namespace if executing suid applications are disabled. How do you propose to address the problem with the Unix sockets? Regards, Michael -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/