Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752603AbZL2UlR (ORCPT ); Tue, 29 Dec 2009 15:41:17 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1752525AbZL2UlQ (ORCPT ); Tue, 29 Dec 2009 15:41:16 -0500 Received: from out02.mta.xmission.com ([166.70.13.232]:59390 "EHLO out02.mta.xmission.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752409AbZL2UlP (ORCPT ); Tue, 29 Dec 2009 15:41:15 -0500 To: Benny Amorsen Cc: Bryan Donlan , "Serge E. Hallyn" , Michael Stone , linux-kernel@vger.kernel.org, netdev@vger.kernel.org, linux-security-module@vger.kernel.org, Andi Kleen , David Lang , Oliver Hartkopp , Alan Cox , Herbert Xu , Valdis Kletnieks , Evgeniy Polyakov , "C. Scott Ananian" , James Morris , Bernie Innocenti , Mark Seaborn , Randy Dunlap , =?iso-8859-1?Q?Am=E9rico?= Wang , Tetsuo Handa , Samir Bellabes , Casey Schaufler , Pavel Machek , Al Viro References: <20091229050114.GC14362@heat> <20091229151146.GA32153@us.ibm.com> <3e8340490912290805s103fb789y13acea4a84669b20@mail.gmail.com> From: ebiederm@xmission.com (Eric W. Biederman) Date: Tue, 29 Dec 2009 12:40:55 -0800 In-Reply-To: (Benny Amorsen's message of "Tue\, 29 Dec 2009 21\:10\:11 +0100") Message-ID: User-Agent: Gnus/5.11 (Gnus v5.11) Emacs/22.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-XM-SPF: eid=;;;mid=;;;hst=in02.mta.xmission.com;;;ip=76.21.114.89;;;frm=ebiederm@xmission.com;;;spf=neutral X-SA-Exim-Connect-IP: 76.21.114.89 X-SA-Exim-Mail-From: ebiederm@xmission.com X-Spam-DCC: XMission; sa02 1397; Body=1 Fuz1=1 Fuz2=1 X-Spam-Combo: ;Benny Amorsen X-Spam-Relay-Country: X-Spam-Report: * -1.8 ALL_TRUSTED Passed through trusted hosts only via SMTP * 0.0 T_TM2_M_HEADER_IN_MSG BODY: T_TM2_M_HEADER_IN_MSG * -3.0 BAYES_00 BODY: Bayesian spam probability is 0 to 1% * [score: 0.0000] * -0.0 DCC_CHECK_NEGATIVE Not listed in DCC * [sa02 1397; Body=1 Fuz1=1 Fuz2=1] * 0.0 XM_SPF_Neutral SPF-Neutral * 0.4 UNTRUSTED_Relay Comes from a non-trusted relay Subject: Re: RFC: disablenetwork facility. (v4) X-SA-Exim-Version: 4.2.1 (built Thu, 25 Oct 2007 00:26:12 +0000) X-SA-Exim-Scanned: Yes (on in02.mta.xmission.com) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1086 Lines: 27 Benny Amorsen writes: > Bryan Donlan writes: > >> I, for one, think it would be best to handle it exactly like the >> nosuid mount option - that is, pretend the file doesn't have any >> setuid bits set. There's no reason to deny execution; if the process >> would otherwise be able to execute it, it can also copy the file to >> make a non-suid version and execute that instead. > > Execute != read. The executable file may contain secrets which must not > be available to the user running the setuid program. If you fail the > setuid, the user will be able to ptrace() and then the secret is > revealed. > > It's amazing how many security holes appear from what seems like a very > simple request. Do we have a security hole in nosuid mount option? Can someone write a patch to fix it? Eric -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/