Date: Sat, 26 Mar 2011 13:35:39 +0300
From: Vasiliy Kulikov
To: David Miller
Cc: shemminger@vyatta.com, serge.hallyn@ubuntu.com, bhutchings@solarflare.com, eparis@redhat.com, eparis@parisplace.org, linux-kernel@vger.kernel.org, mjt@tls.msk.ru, arnd@arndb.de, mirqus@gmail.com, netdev@vger.kernel.org, kuznet@ms2.inr.ac.ru, pekkas@netcore.fi, jmorris@namei.org, yoshfuji@linux-ipv6.org, kaber@trash.net, eric.dumazet@gmail.com, therbert@google.com, xiaosuo@gmail.com, jesse@nicira.com, kees.cook@canonical.com, eugene@redhat.com, dan.j.rosenberg@gmail.com, akpm@linux-foundation.org, greg@kroah.com, sds@tycho.nsa.gov, linux-security-module@vger.kernel.org, dwalsh@redhat.com, dhowells@redhat.com
Subject: Re: [PATCH v2] net: don't allow CAP_NET_ADMIN to load non-netdev kernel modules
Message-ID: <20110326103539.GA4719@albatros>
In-Reply-To: <20110324.144628.58411809.davem@davemloft.net>
References: <1300991584.2689.35.camel@bwh-desktop> <20110324202634.GB9191@peq.hallyn.com> <20110324143944.29f4c362@nehalam> <20110324.144628.58411809.davem@davemloft.net>
List: linux-kernel@vger.kernel.org

On Thu, Mar 24, 2011 at 14:46 -0700, David Miller wrote:
> You can't say "userland will fix things up"
>
> Because we're never supposed to break userland in the first place.

I admit that the patch breaks things. But the thing is that kernel changes _are_ breaking userspace here and there, not only by such obvious policy changes, but by indirect changes.

Note that the patch that changed CAP_SYS_MODULE to CAP_NET_ADMIN has broken userspace behavior too - one could load modules with CAP_SYS_MODULE without CAP_NET_ADMIN via "ifconfig wifi0" and after the patch one could not.

Look at this patch:

http://patchwork.ozlabs.org/patch/42148/

It breaks userspace tools too - one might run an LSM in learning mode to create a profile for netfilter configuration, see that it didn't need any CAP_* and totally deny them in the profile. After many years (the bug was fixed after 5+ years!) of good work it was broken by the patch.

The same with plenty of patches that introduce different checks in places where there were no permission checks at all or these checks were broken.

-- 
Vasiliy Kulikov
http://www.openwall.com - bringing security into open computing environments
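The three capability policies the thread argues about, modelled in user space as an added example (this is not kernel code, not the patch under discussion, and not anything Vasiliy or David posted). It mirrors the shape of the kernel's dev_load() helper, which runs when an ioctl names an interface that does not exist yet (the "ifconfig wifi0" case). The module table, the caller struct and the POLICY_* names are constructed here; the semantics of the v2 patch (CAP_NET_ADMIN may only trigger "netdev-<name>" alias loads, a plain-name load still needs CAP_SYS_MODULE) are assumed from the patch title, not taken from its body, which this message does not quote.

```c
/* Added example: a user-space model of the capability gate in front of
 * network-device module autoloading. NOT kernel code and NOT the patch under
 * discussion; the three policies and the module table are constructed here to
 * show which callers each policy lets trigger which module load. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the module/alias database on the box:
 * "netdev-wifi0" is the netdev alias of the wifi0 driver, "wifi0" its plain
 * name, and "nf_conntrack" a module that has no netdev- alias at all. */
static const char *const known_modules[] = { "netdev-wifi0", "wifi0", "nf_conntrack" };

enum policy {
    POLICY_SYS_MODULE,   /* historical: plain-name load, gated on CAP_SYS_MODULE        */
    POLICY_NET_ADMIN,    /* the CAP_SYS_MODULE -> CAP_NET_ADMIN change the mail mentions */
    POLICY_NETDEV_ALIAS, /* ASSUMED v2 semantics (from the patch title): CAP_NET_ADMIN  */
                         /* loads only "netdev-<name>", plain name needs CAP_SYS_MODULE */
};

enum load_result { LOAD_DENIED, LOAD_NOT_FOUND, LOAD_PLAIN, LOAD_ALIAS };

struct caller { bool cap_sys_module; bool cap_net_admin; };

/* Modelled request_module(): 0 on success, -1 if "<prefix><name>" is unknown. */
static int request_module_model(const char *prefix, const char *name)
{
    char full[64];
    snprintf(full, sizeof full, "%s%s", prefix, name);
    for (size_t i = 0; i < sizeof known_modules / sizeof known_modules[0]; i++)
        if (strcmp(known_modules[i], full) == 0)
            return 0;
    return -1;
}

/* What each policy does when `c` names an interface `ifname` that has no device yet. */
enum load_result dev_load_model(enum policy p, struct caller c, const char *ifname)
{
    switch (p) {
    case POLICY_SYS_MODULE:
        if (!c.cap_sys_module)
            return LOAD_DENIED;
        return request_module_model("", ifname) == 0 ? LOAD_PLAIN : LOAD_NOT_FOUND;
    case POLICY_NET_ADMIN:
        if (!c.cap_net_admin)
            return LOAD_DENIED;
        return request_module_model("", ifname) == 0 ? LOAD_PLAIN : LOAD_NOT_FOUND;
    case POLICY_NETDEV_ALIAS:
        if (c.cap_net_admin && request_module_model("netdev-", ifname) == 0)
            return LOAD_ALIAS;
        /* assumed fallback so CAP_SYS_MODULE-only callers keep working */
        if (c.cap_sys_module && request_module_model("", ifname) == 0)
            return LOAD_PLAIN;
        return (c.cap_net_admin || c.cap_sys_module) ? LOAD_NOT_FOUND : LOAD_DENIED;
    }
    return LOAD_DENIED;
}

int main(void)
{
    static const char *const names[] = { "DENIED", "NOT_FOUND", "loaded by plain name", "loaded via netdev- alias" };
    static const char *const pol[] = { "SYS_MODULE", "NET_ADMIN", "NETDEV_ALIAS" };
    const struct caller callers[] = { {true, false}, {false, true}, {false, false} };
    const char *const ifnames[] = { "wifi0", "nf_conntrack" };

    /* Print the full decision table so the userspace-visible differences are side by side. */
    for (int p = 0; p < 3; p++)
        for (size_t c = 0; c < 3; c++)
            for (size_t n = 0; n < 2; n++)
                printf("%-12s sys_module=%d net_admin=%d %-12s -> %s\n",
                       pol[p], callers[c].cap_sys_module, callers[c].cap_net_admin,
                       ifnames[n], names[dev_load_model((enum policy)p, callers[c], ifnames[n])]);
    return 0;
}
```

The table makes the two sides of the argument visible in one place: under POLICY_NET_ADMIN a CAP_SYS_MODULE-only caller is denied for "wifi0" (the regression Vasiliy points at), while a CAP_NET_ADMIN holder can pull in "nf_conntrack" by plain name (the exposure the v2 patch title says it closes); under the assumed v2 semantics the alias path serves CAP_NET_ADMIN, the non-netdev name is refused, and the CAP_SYS_MODULE fallback keeps the old callers working.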