Re: [KERNEL] Re: [KERNEL] Re: [KERNEL] Re: Kernel 4.3 breaks security in systems using capabilities

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Klaus Ethgen <Klaus+lkml@ethgen.de>
To: Andy Lutomirski <luto@amacapital.net>
Cc: Serge Hallyn <serge.hallyn@ubuntu.com>,
	Kees Cook <keescook@chromium.org>,
	Christoph Lameter <cl@linux.com>,
	"Serge E. Hallyn" <serge@hallyn.com>,
	Andrew Morton <akpm@linux-foundation.org>,
	Richard Weinberger <richard.weinberger@gmail.com>,
	"Theodore Ts'o" <tytso@mit.edu>,
	Austin S Hemmelgarn <ahferroin7@gmail.com>,
	LKML <linux-kernel@vger.kernel.org>,
	Linus Torvalds <torvalds@linux-foundation.org>
Subject: Re: [KERNEL] Re: [KERNEL] Re: [KERNEL] Re: Kernel 4.3 breaks security in systems  using capabilities
Date: Tue, 10 Nov 2015 12:55:27 +0100	[thread overview]
Message-ID: <20151110115526.GA2958@ikki.ethgen.ch> (raw)
In-Reply-To: <CALCETrUE5FwqtCBMq8+K6owwTn0vhdHjO0TzoMKhN6_vaNSRhw@mail.gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi Andy,

Am Di den 10. Nov 2015 um  1:06 schrieb Andy Lutomirski:
> > So, answered that I get very frustrated. We talk about details that have
> > nothing to do with the main problem. The main problem is that there is
> > no way to disable ambient capabilities or, even better, to _enable_ them
> > explicitly if needed. That is a real problem that exists now in the
> > kernel.
> >
> > Please focus on that problem!
> 
> No, and I'm now done with this thread.  Sorry.

Sad to hear that.

> You can use the securebit to turn them off if you care.

The problem is that this is not applyable here. Securebits are great for
stuff that is locked in. But here we talk about every process, every
thread in the system. There is simply no way to set securebits with
system start.

> You can tell other people that they write privileged programs in the
> wrong programming language if you like.

Hey, it is not about programming languages. I never said something in
that direction!

I brought python programs for a bad example in programming and how
developers work. But that example can be made in any language. Moreover,
as python is a script language, I would not like it at all, having any
raised capabilities. And that is also valid for perl that I like much
more.

> No code change from me appears to be needed or warranted.

I could come up with a patch, adding a new capability for enabling
ambient capabilities. But as I do not have the full great kernel code
overview, I might miss some security relevant stuff here. Thats why I do
not came up with a patch.

However, when such a patch could have a change to get reviewed my some
more experienced kernel hacker than I am and if there would be a change
to get it into the kernel, I will come up with such a patch.

Regards
   Klaus
- -- 
Klaus Ethgen                              http://www.ethgen.ch/
pub  4096R/4E20AF1C 2011-05-16   Klaus Ethgen <Klaus@Ethgen.ch>
Fingerprint: 85D4 CA42 952C 949B 1753  62B3 79D0 B06F 4E20 AF1C
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQGbBAEBCgAGBQJWQdspAAoJEKZ8CrGAGfas8B8L+J66vXjZFyxnSjW5iE0mLSS/
CB0kQ9Capyb5eLsDWcjTi+DmO1xTQS+LRJ77HClX6yQUUNTjn4d/kkDtNhm64sER
d0KRvn/B2kOBNhDU1WZ4CELzazaRFMhDEYxNIy4JXuJawB1CDv5O92gjFZ2NjNSp
KN8fP3CaecNJ4d/dBMCPwCPyAKIfm8fwSvHQaI1yguP2MMe2gMtken59+PEbKoqr
m0Y5nJFuZ+LfSedTJdzbINQtmh0iFXEL4hNYaJnz7QyK4wsqwcBET9CZSK2twtsZ
EyxtFizL363ubFdrmdzBZjziC48+U00KEh1Zgrf6xgqvkWcp0KL1v9Fg0kgA5pUa
SNIei5oVDce8sAWerkpqRO+gvvw9mSzGusv7YkDuoRiw8Q1Z42X0Ro5Lyedff2X4
0nRMMH1lU20oJhemUk4X3E9SN2ZxZ4Xwa4OjhWuSUMeLOIEo+ssflFVhFPv45qpr
CHjBZAvfBuiZfkobm6duXrvSX5rtqbf2fGb4fBV0
=518a
-----END PGP SIGNATURE-----

next prev parent reply	other threads:[~2015-11-10 11:55 UTC|newest]

Thread overview: 41+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-11-02 18:06 Kernel 4.3 breaks security in systems using capabilities Klaus Ethgen
2015-11-02 18:38 ` Richard Weinberger
2015-11-02 18:50   ` Andy Lutomirski
2015-11-02 19:16     ` [KERNEL] " Klaus Ethgen
2015-11-02 19:45       ` Andy Lutomirski
2015-11-05 10:19         ` [KERNEL] " Klaus Ethgen
2015-11-05 16:15           ` Serge E. Hallyn
2015-11-05 17:17             ` [KERNEL] " Klaus Ethgen
2015-11-05 17:34               ` Serge E. Hallyn
2015-11-05 17:48                 ` [KERNEL] " Klaus Ethgen
2015-11-05 19:01                   ` Andy Lutomirski
2015-11-05 22:08                     ` Serge E. Hallyn
2015-11-06 13:58                       ` [KERNEL] " Klaus Ethgen
2015-11-06 15:53                         ` Theodore Ts'o
2015-11-06 17:15                           ` Andy Lutomirski
2015-11-06 17:51                           ` Casey Schaufler
2015-11-06 18:05                             ` Serge E. Hallyn
2015-11-06 17:56                           ` [KERNEL] " Klaus Ethgen
2015-11-06 18:18                             ` Serge E. Hallyn
2015-11-07 11:02                               ` [KERNEL] " Klaus Ethgen
2015-11-08 17:05                                 ` Serge E. Hallyn
2015-11-09 16:28                                 ` Austin S Hemmelgarn
2015-11-09 17:23                                   ` [KERNEL] " Klaus Ethgen
2015-11-09 19:02                                     ` Austin S Hemmelgarn
2015-11-09 21:29                                       ` [KERNEL] " Klaus Ethgen
2015-11-10  0:06                                         ` Andy Lutomirski
2015-11-10 11:55                                           ` Klaus Ethgen [this message]
2015-11-10 12:40                                             ` [KERNEL] " Theodore Ts'o
2015-11-10 13:19                                               ` [KERNEL] [PATCH] " Klaus Ethgen
2015-11-10 13:35                                                 ` Austin S Hemmelgarn
2015-11-10 17:58                                                   ` [KERNEL] " Klaus Ethgen
2015-11-10 20:39                                                     ` Austin S Hemmelgarn
2015-11-10 13:41                                                 ` Klaus Ethgen
2015-11-11  2:04                                                 ` Theodore Ts'o
2015-11-11 10:14                                                   ` [KERNEL] " Klaus Ethgen
2015-11-11 10:54                                                     ` Theodore Ts'o
2015-11-11 11:13                                                       ` [KERNEL] " Klaus Ethgen
2015-11-10 15:25                                               ` [KERNEL] Re: [KERNEL] Re: [KERNEL] " Christoph Lameter
2015-11-05 16:19           ` Andy Lutomirski
2015-11-05 17:22             ` [KERNEL] " Klaus Ethgen
2015-11-02 18:52   ` Linus Torvalds

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20151110115526.GA2958@ikki.ethgen.ch \
    --to=klaus+lkml@ethgen.de \
    --cc=ahferroin7@gmail.com \
    --cc=akpm@linux-foundation.org \
    --cc=cl@linux.com \
    --cc=keescook@chromium.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=luto@amacapital.net \
    --cc=richard.weinberger@gmail.com \
    --cc=serge.hallyn@ubuntu.com \
    --cc=serge@hallyn.com \
    --cc=torvalds@linux-foundation.org \
    --cc=tytso@mit.edu \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.