From: Andy Lutomirski <luto@myrealbox.com>
To: Chris Wright <chrisw@osdl.org>
Cc: Chris Wedgwood <cw@f00f.org>, Andrew Morton <akpm@osdl.org>,
Christoph Hellwig <hch@infradead.org>,
linux-kernel@vger.kernel.org
Subject: Re: 2.6.6-mm1
Date: Mon, 10 May 2004 23:33:46 -0700
Message-ID: <40A073CA.9090805@myrealbox.com>
In-Reply-To: <fa.gg699ad.b2omr9@ifi.uio.no>
Chris Wright wrote:
> * Chris Wedgwood (cw@f00f.org) wrote:
>
>>On Mon, May 10, 2004 at 03:02:03PM -0700, Andrew Morton wrote:
>>
>>
>>>Capabilities are broken and don't work. Nobody has a clue how to
>>>provide the required services with SELinux and nobody has any code
>>>and we need the feature *now* before vendors go shipping even more
>>>ghastly stuff.
>>
>>eh? magic groups are nasty... and why is this needed? can't
>>oracle/whatever just run with a wrapper to give the capabilities out
>>as required until a better solution is available
>
>
> I agree. I have a patch that at least fixes this bit of capabilities
> (currently, what you suggest doesn't work right), which could easily be
> dusted off and resent.
I'll try and get my patch ready for testing soon. It got sidetracked by
the compute_creds race (erm... and my inability to fix it right the
first time).
Before I clean it up and rediff it, here's a question:
I would like to make the inheritable mask mean "these are the only
capabilities that this process or its children may ever hold." That
means tweaking setuid to disable itself if the inheritable mask is not
full to avoid auditing every setuid program ever written. The benefit
is that cap_bset can be removed and securelevel can be done sanely (by
adding a sysctl that means "setuid needs this set of capabilities"). It
also means that servers could drop inheritable caps, so, if they are
hacked, the attacker can't try to exploit setpcap / setuid /
(eventually) vfs caps. The downside is added complexity.
If I don't do that, I'm not quite sure what to do with the inheritable
mask. It seems to be only marginally useful.
Thoughts?
--Andy
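Added example, not code from the mail or from the kernel tree: a toy C model that puts the 2.6.6-era exec capability rule next to the rule Andy sketches above, so the practical difference for a compromised server can be seen. exec_2_6_6() follows security/commoncap.c of that era (cap_bprm_set_security plus cap_bprm_compute_creds, the compute_creds Andy mentions): P' = (fP & cap_bset) | (fI & pI), with fP/fI/fE derived only from "is the file setuid root" since 2.6.6 has no vfs capability bits. exec_proposed() is one reading of the proposal: pI is a hard upper bound on what the task and its children may hold, cap_bset is gone, and a setuid-root file is honoured only when pI covers a mask held in a sysctl. The 32-bit set type, the struct layouts, the sysctl name sysctl_setuid_needs and the scenario creds are assumptions of this model; the capability bit numbers are those of linux/capability.h.

```c
/* Added example, not kernel code: toy model of capability computation at
 * exec().  exec_2_6_6() follows the 2.6.6-era rule in security/commoncap.c;
 * exec_proposed() models the "inheritable is an upper bound" rule from the
 * mail.  Types, struct layouts and the sysctl name are assumptions. */
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

typedef uint32_t kcap_t;                 /* 32-bit set, like 2.6's kernel_cap_t */

#define CAP_SETUID            (1u << 7)  /* bit numbers as in <linux/capability.h> */
#define CAP_SETPCAP           (1u << 8)
#define CAP_NET_BIND_SERVICE  (1u << 10)
#define CAP_SYS_ADMIN         (1u << 21)
#define CAP_FULL              0xFFFFFFFFu
#define CAP_EMPTY             0u

struct creds {
    uint32_t uid, euid;
    kcap_t effective, permitted, inheritable;
};

/* 2.6.6 has no vfs capability bits: the only property of the exec'd file
 * that matters is whether it is setuid root. */
struct binprm { bool setuid_root; };

static kcap_t cap_bset = CAP_FULL;              /* 2.6.6 bounding set (sysctl) */
static kcap_t sysctl_setuid_needs = CAP_FULL;   /* proposal: hypothetical sysctl */

/* 2.6.6 rule: fP = fI = full if e_uid==0 or uid==0, else empty; fE = full if
 * e_uid==0, else empty; P' = (fP & cap_bset) | (fI & pI); E' = P' & fE.
 * A setuid-root file therefore yields P' = cap_bset whatever pI holds. */
static struct creds exec_2_6_6(struct creds cur, struct binprm f)
{
    struct creds n = cur;
    kcap_t fP = CAP_EMPTY, fI = CAP_EMPTY, fE = CAP_EMPTY;

    n.euid = f.setuid_root ? 0 : cur.euid;
    if (n.euid == 0 || cur.uid == 0) { fP = CAP_FULL; fI = CAP_FULL; }
    if (n.euid == 0)                  fE = CAP_FULL;
    n.permitted = (fP & cap_bset) | (fI & cur.inheritable);
    n.effective = n.permitted & fE;
    return n;                           /* pI is carried across unchanged */
}

/* Proposal: the setuid bit is honoured only when pI covers the sysctl mask
 * ("setuid needs this set of capabilities"). */
static bool proposed_setuid_honoured(kcap_t inheritable)
{
    return (inheritable & sysctl_setuid_needs) == sysctl_setuid_needs;
}

/* Proposal: same file-derived sets, no cap_bset, and everything the new image
 * holds is masked by the caller's pI.  A setuid-root file whose caller's pI
 * fails the sysctl check is exec'd as if it were not setuid at all. */
static struct creds exec_proposed(struct creds cur, struct binprm f)
{
    struct creds n = cur;
    kcap_t fP = CAP_EMPTY, fI = CAP_EMPTY, fE = CAP_EMPTY;
    bool setuid = f.setuid_root && proposed_setuid_honoured(cur.inheritable);

    n.euid = setuid ? 0 : cur.euid;
    if (n.euid == 0 || cur.uid == 0) { fP = CAP_FULL; fI = CAP_FULL; }
    if (n.euid == 0)                  fE = CAP_FULL;
    n.permitted = (fP | fI) & cur.inheritable;
    n.effective = n.permitted & fE;
    return n;
}

/* What "a server drops inheritable caps" means under the proposal: lowering
 * pI also clips P and E, since pI bounds what the task may ever hold. */
static void proposed_drop_inheritable(struct creds *c, kcap_t keep)
{
    c->inheritable &= keep;
    c->permitted   &= c->inheritable;
    c->effective   &= c->permitted;
}

static void show(const char *tag, struct creds c)
{
    printf("%-32s euid=%-5" PRIu32 " P=%08" PRIx32 " E=%08" PRIx32 " I=%08" PRIx32 "\n",
           tag, c.euid, c.permitted, c.effective, c.inheritable);
}

int main(void)
{
    /* Constructed scenario: an unprivileged server that dropped pI to nothing
     * is compromised and the attacker execs a setuid-root binary. */
    struct creds server = { .uid = 1000, .euid = 1000, .effective = CAP_EMPTY,
                            .permitted = CAP_EMPTY, .inheritable = CAP_FULL };
    struct binprm su = { .setuid_root = true };
    proposed_drop_inheritable(&server, CAP_EMPTY);
    show("2.6.6: exec setuid-root", exec_2_6_6(server, su));
    show("proposal: exec setuid-root", exec_proposed(server, su));

    /* Root keeps only CAP_NET_BIND_SERVICE in pI, then execs a plain file. */
    struct creds root = { .uid = 0, .euid = 0, .effective = CAP_FULL,
                          .permitted = CAP_FULL, .inheritable = CAP_FULL };
    struct binprm plain = { .setuid_root = false };
    proposed_drop_inheritable(&root, CAP_NET_BIND_SERVICE);
    show("2.6.6: root exec plain file", exec_2_6_6(root, plain));
    show("proposal: root exec plain file", exec_proposed(root, plain));
    return 0;
}
```

Under the 2.6.6 rule the compromised server still ends up as euid 0 with P = cap_bset after exec'ing a setuid-root file, because fP is full and cap_bset is the only limit; under the modelled proposal the setuid bit is ignored, the image stays at euid 1000 with empty sets, and a root process that narrowed pI to CAP_NET_BIND_SERVICE cannot get anything else back across exec. The cost is the one Andy names: a setuid program exec'd from a narrowed pI silently runs without privilege, which is the behaviour the sysctl mask is meant to make explicit.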