public inbox for linux-kernel@vger.kernel.org
From: Athanasius <link@miggy.org>
To: Linus Torvalds <torvalds@linux-foundation.org>,
	linux-kernel <linux-kernel@vger.kernel.org>
Cc: Greg KH <gregkh@suse.de>, Julien Tinnes <jt@cr0.org>,
	Tavis Ormandy <taviso@sdf.lonestar.org>,
	Christoph Hellwig <hch@infradead.org>,
	Kees Cook <kees@ubuntu.com>, Eugene Teo <eugene@redhat.com>,
	Athanasius <link@miggy.org>
Subject: Re: [link@miggy.org: Re: [patch 2/8] personality: fix PER_CLEAR_ON_SETID (CVE-2009-1895)]
Date: Sat, 18 Jul 2009 22:28:12 +0100
Message-ID: <20090718212812.GI6722@miggy.org>
In-Reply-To: <alpine.LFD.2.01.0907181342500.13838@localhost.localdomain>

On Sat, Jul 18, 2009 at 01:48:06PM -0700, Linus Torvalds wrote:
> On Sat, 18 Jul 2009, Greg KH wrote:
> > 
> > and you have the whole idea of personalities being some kind of security
> > mechanism exposed as a joke.
> 
> It's _not_ a "security mechanism". It never was.
...
> In the absence of raised capabilities, the personality flags don't matter: 
> because they aren't security. If you have a personality flag that says "I 
> want to mmap at virtual address zero", you're still going to be limited by 
> the security layer, and if the security layer says "nope, you can't do 
> that", then your personality doesn't matter.
> 
> See?

  I can understand and appreciate that, yes.

  However the content of 'cat /proc/execdomains' is misleading for
the default Execution Domain.  The string '0-0' implies either that you
can only set 1 of 3 personalities whilst this Execution Domain is current
OR that this Execution Domain will only be used whilst the set personality
is one of those 3.  But neither is actually true as this default Execution
Domain (being the only one in vanilla kernel tree) is a special case.
  If you don't see a valid reason to change personality(2) behaviour (thus
still allowing setting arbitrary personality values) then surely it would
make more sense for the default domain to set pers_high to PER_MASK?
I'd suggest it actually be 0xffffffff but the field is only a char.

-- 
- Athanasius = Athanasius(at)miggy.org / http://www.miggy.org/
                  Finger athan(at)fysh.org for PGP key
	   "And it's me who is my enemy. Me who beats me up.
Me who makes the monsters. Me who strips my confidence." Paula Cole - ME
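
Added example, not part of the original message or of the kernel source: a small C program that parses a `/proc/execdomains` line and checks whether the advertised range covers a given personality value, which makes the mismatch described above visible. It assumes the range is compared against the low byte selected by PER_MASK (0x00ff); `EX_PER_MASK`, `struct exec_range`, `parse_execdomain_line` and `range_covers` are hypothetical names, and the sample line is constructed.

```c
#include <stdio.h>
#include <string.h>
#ifdef __linux__
#include <sys/personality.h>
#endif

#define EX_PER_MASK 0x00ffUL  /* assumed value of the kernel's PER_MASK */

struct exec_range { unsigned lo, hi; char name[32]; };

/* Parse one line such as "0-0\tLinux           \t[kernel]"; 0 on success. */
int parse_execdomain_line(const char *line, struct exec_range *out)
{
    char name[32];
    unsigned lo, hi;
    if (sscanf(line, "%u-%u %31s", &lo, &hi, name) != 3)
        return -1;
    if (lo > 0xff || hi > 0xff || lo > hi)  /* each bound is a single byte */
        return -1;
    out->lo = lo;
    out->hi = hi;
    strcpy(out->name, name);
    return 0;
}

/* Does the advertised range cover the low byte of this personality value? */
int range_covers(const struct exec_range *r, unsigned long persona)
{
    unsigned long base = persona & EX_PER_MASK;
    return base >= r->lo && base <= r->hi;
}

int main(void)
{
    const char *sample = "0-0\tLinux           \t[kernel]";  /* constructed */
    const unsigned long probes[] = { 0x0000, 0x0008, 0x00ff };
    struct exec_range r;
    if (parse_execdomain_line(sample, &r) != 0)
        return 1;
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++)
        printf("0x%04lx covered by %u-%u (%s): %s\n", probes[i], r.lo, r.hi,
               r.name, range_covers(&r, probes[i]) ? "yes" : "no");
#ifdef __linux__
    /* 0xffffffff only queries; PER_LINUX32 (0x0008) lies outside 0-0. */
    unsigned long old = (unsigned long)personality(0xffffffff);
    int rc = personality(PER_LINUX32);
    printf("personality(PER_LINUX32) %s\n", rc == -1 ? "refused" : "accepted");
    if (rc != -1)
        personality(old);  /* restore the previous value */
#endif
    return 0;
}
```
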
