From: Klaus Ethgen <Klaus+lkml@ethgen.de>
To: "Serge E. Hallyn" <serge@hallyn.com>
Cc: Andy Lutomirski <luto@amacapital.net>,
Linus Torvalds <torvalds@linux-foundation.org>,
Richard Weinberger <richard.weinberger@gmail.com>,
LKML <linux-kernel@vger.kernel.org>,
Christoph Lameter <cl@linux.com>,
Andy Lutomirski <luto@kernel.org>,
Serge Hallyn <serge.hallyn@ubuntu.com>,
Kees Cook <keescook@chromium.org>,
Andrew Morton <akpm@linux-foundation.org>
Subject: Re: [KERNEL] Re: [KERNEL] Re: [KERNEL] Re: [KERNEL] Re: Kernel 4.3 breaks security in systems using capabilities
Date: Thu, 5 Nov 2015 18:48:24 +0100 [thread overview]
Message-ID: <20151105174823.GD9307@ikki.ethgen.ch> (raw)
In-Reply-To: <20151105173438.GA3378@mail.hallyn.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Am Do den 5. Nov 2015 um 18:34 schrieb Serge E. Hallyn:
> > Am Do den 5. Nov 2015 um 17:15 schrieb Serge E. Hallyn:
> > > I think if you follow your idea to its logical conclusions, you end
> > > up wanting set SECURE_ALL_BITS | SECURE_ALL_LOCKS, which will include
> > > SECURE_NO_CAP_AMBIENT_RAISE, disabling ambient capabilities.
> >
> > That I did miss out and seems to be the solution for the problem. So
> > adding cap_secure_all_bits,cap_secure_all_locks=ep to every binary that
> > gets other caps should solve it?
>
> No that doesn't work, you have to use prctl to set those bits. If you
> can get your system to be fully rootless, you can have init or initramfs
> do this for you. It'll mean that root and setuid-root binaries have no
> automatic privileges beside owning host (proc/sys) files.
So this is not helping much. But for me it is at least an idea to how to
have abient capabilities _and_ full control for admin. It would be an
un-capability but at least would allow the admin to change the
behaviour.
Another one, that would be much better would be something like
cap_ambient_cap capability to explicitly allow the use of ambient
capabilities.
I have to say that I do not know much about prctl. Just reading the man
page currently. But this seems to be about the second way of taking away
rights from UID 0 instead of explicitly giving rights to selective
binaries.
Regards
Klaus
- --
Klaus Ethgen http://www.ethgen.ch/
pub 4096R/4E20AF1C 2011-05-16 Klaus Ethgen <Klaus@Ethgen.de>
Fingerprint: 85D4 CA42 952C 949B 1753 62B3 79D0 B06F 4E20 AF1C
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQGcBAEBCgAGBQJWO5ZiAAoJEKZ8CrGAGfasxrYMALQUBljC4ZECnt8C+kjADz+p
Myqlotr5LZ70+UdOGAnd6ldDyomFKoQZB+IHOm8NIqx+HH8IivLPUVHePyJt7Zlj
t1fgjlYRlDx5Zourbw8eGW/diQF8FBPF+JKG08XHqh25DiLTijevgrC7TnavQuQm
RQaYqnVyPCBaEMUqE4iIaJ7hz/GY6hPX/hQlBU5z26Z/0QLa/DNQwyP0RJWoGp2q
rzCgU0K1pemtoik0HSEdm3li9rFicWBpJsz+5mSsJUx01q30zMzBCHan/IOaPseZ
476+OWY/AGWtA4qpcC4MLAqfC2atYkVZ2/xiEarRdl71SAepV3n4ZPInIsJZ1/3k
mUs/EJ1pBMKkrcU9Nry9Hra+uMl77Gin8eG+5RE5B2IdeyKGEr1lCRVe4Dd27M0t
H3hy6WhB4lFg/k2TWZK5Haz/6Nn2chSPntiOWnyw+vN7M1q6yiiIo82GI1Du0T0W
vhwgISmEqtAa8CAaSZQuW6VpJ1Z9ztN5+qnhE6mzKg==
=T9bn
-----END PGP SIGNATURE-----
next prev parent reply other threads:[~2015-11-05 17:48 UTC|newest]
Thread overview: 41+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-11-02 18:06 Kernel 4.3 breaks security in systems using capabilities Klaus Ethgen
2015-11-02 18:38 ` Richard Weinberger
2015-11-02 18:50 ` Andy Lutomirski
2015-11-02 19:16 ` [KERNEL] " Klaus Ethgen
2015-11-02 19:45 ` Andy Lutomirski
2015-11-05 10:19 ` [KERNEL] " Klaus Ethgen
2015-11-05 16:15 ` Serge E. Hallyn
2015-11-05 17:17 ` [KERNEL] " Klaus Ethgen
2015-11-05 17:34 ` Serge E. Hallyn
2015-11-05 17:48 ` Klaus Ethgen [this message]
2015-11-05 19:01 ` [KERNEL] " Andy Lutomirski
2015-11-05 22:08 ` Serge E. Hallyn
2015-11-06 13:58 ` [KERNEL] " Klaus Ethgen
2015-11-06 15:53 ` Theodore Ts'o
2015-11-06 17:15 ` Andy Lutomirski
2015-11-06 17:51 ` Casey Schaufler
2015-11-06 18:05 ` Serge E. Hallyn
2015-11-06 17:56 ` [KERNEL] " Klaus Ethgen
2015-11-06 18:18 ` Serge E. Hallyn
2015-11-07 11:02 ` [KERNEL] " Klaus Ethgen
2015-11-08 17:05 ` Serge E. Hallyn
2015-11-09 16:28 ` Austin S Hemmelgarn
2015-11-09 17:23 ` [KERNEL] " Klaus Ethgen
2015-11-09 19:02 ` Austin S Hemmelgarn
2015-11-09 21:29 ` [KERNEL] " Klaus Ethgen
2015-11-10 0:06 ` Andy Lutomirski
2015-11-10 11:55 ` [KERNEL] " Klaus Ethgen
2015-11-10 12:40 ` Theodore Ts'o
2015-11-10 13:19 ` [KERNEL] [PATCH] " Klaus Ethgen
2015-11-10 13:35 ` Austin S Hemmelgarn
2015-11-10 17:58 ` [KERNEL] " Klaus Ethgen
2015-11-10 20:39 ` Austin S Hemmelgarn
2015-11-10 13:41 ` Klaus Ethgen
2015-11-11 2:04 ` Theodore Ts'o
2015-11-11 10:14 ` [KERNEL] " Klaus Ethgen
2015-11-11 10:54 ` Theodore Ts'o
2015-11-11 11:13 ` [KERNEL] " Klaus Ethgen
2015-11-10 15:25 ` [KERNEL] Re: [KERNEL] Re: [KERNEL] " Christoph Lameter
2015-11-05 16:19 ` Andy Lutomirski
2015-11-05 17:22 ` [KERNEL] " Klaus Ethgen
2015-11-02 18:52 ` Linus Torvalds
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20151105174823.GD9307@ikki.ethgen.ch \
--to=klaus+lkml@ethgen.de \
--cc=akpm@linux-foundation.org \
--cc=cl@linux.com \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=luto@kernel.org \
--cc=richard.weinberger@gmail.com \
--cc=serge.hallyn@ubuntu.com \
--cc=serge@hallyn.com \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.