Reply-To: kernel-hardening@lists.openwall.com
Date: Fri, 6 Jan 2012 08:36:35 +0100
From: Ingo Molnar
Message-ID: <20120106073635.GC14188@elte.hu>
References: <20120104201800.GA2587@www.outflux.net> <20120105091704.GB3249@elte.hu>
Subject: [kernel-hardening] Re: [PATCH v2012.1] fs: symlink restrictions on sticky directories
To: Kees Cook
Cc: linux-kernel@vger.kernel.org, Alexander Viro, Andrew Morton, Rik van Riel, Federica Teodori, Lucian Adrian Grijincu, Peter Zijlstra, Eric Paris, Randy Dunlap, Dan Rosenberg, linux-doc@vger.kernel.org, linux-fsdevel@vger.kernel.org, kernel-hardening@lists.openwall.com

* Kees Cook wrote:

> On Thu, Jan 5, 2012 at 1:17 AM, Ingo Molnar wrote:
> > * Kees Cook wrote:
> >
> >> @@ -1495,6 +1496,15 @@ static struct ctl_table fs_table[] = {
> >>  #endif
> >>  #endif
> >>       {
> >> +             .procname       = "protected_sticky_symlinks",
> >> +             .data           = &protected_sticky_symlinks,
> >> +             .maxlen         = sizeof(int),
> >> +             .mode           = 0644,
> >> +             .proc_handler   = proc_dointvec_minmax,
> >> +             .extra1         = &zero,
> >> +             .extra2         = &one,
> >> +     },
> >
> > Small detail:
> >
> > Might make sense to change the .mode to 0600, to make it
> > harder for unprivileged attack code to guess whether this
> > protection (and the resulting audit warning to the
> > administrator) is enabled on a system or not.
>
> Sure, I have no problem with that. In addition to this change,
> what's the best next step for this patch?

Al and Linus's call I guess. Maybe ask Andrew whether he'd put it
into -mm?

Thanks,

	Ingo
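Review bot: in the quoted hunk, `.mode = 0644` on the new fs_table entry makes /proc/sys/fs/protected_sticky_symlinks world-readable, so an unprivileged process can read the value and learn whether the restriction (and the audit warning that comes with it) is armed before it attempts anything; `.mode = 0600`, as suggested in the reply, limits that read to root. Two caveats are worth recording next to that change: hiding the value only raises the attacker's cost, because the behaviour itself remains observable by attempting a symlink traversal in a sticky directory, and that probe is what trips the audit warning, so the administrator at least gets the signal; and a knob that gates a security boundary needs a matching entry in Documentation/sysctl/fs.txt, which is not part of the quoted hunk (linux-doc is on Cc, so it may be elsewhere in the patch). The `proc_dointvec_minmax` handler with `.extra1 = &zero` and `.extra2 = &one` does correctly reject writes outside 0..1.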