From: Vasiliy Kulikov <segoon@openwall.com>
To: Serge Hallyn <serge.hallyn@canonical.com>
Cc: Eric Paris <eparis@redhat.com>,
linux-kernel@vger.kernel.org,
linux-security-module@vger.kernel.org, apparmor@lists.ubuntu.com,
"selinux@tycho.nsa.gov Stephen Smalley" <sds@tycho.nsa.gov>,
James Morris <jmorris@namei.org>,
Eric Paris <eparis@parisplace.org>,
John Johansen <john.johansen@canonical.com>,
kernel-hardening@lists.openwall.com, serge@hallyn.com
Subject: Re: [RFC v2] security: intoduce ptrace_task_may_access_current
Date: Mon, 20 Jun 2011 19:44:29 +0400 [thread overview]
Message-ID: <20110620154429.GA12879@albatros> (raw)
In-Reply-To: <20110620150001.GF12469@mail.hallyn.com>
On Mon, Jun 20, 2011 at 10:00 -0500, Serge Hallyn wrote:
> > >diff --git a/kernel/capability.c b/kernel/capability.c
> > >index 283c529..bc9b07f 100644
> > >--- a/kernel/capability.c
> > >+++ b/kernel/capability.c
> > >@@ -356,6 +356,30 @@ bool capable(int cap)
> > > }
> > > EXPORT_SYMBOL(capable);
> > >
> > >+bool task_capable(struct task_struct *task, int cap)
> > >+{
> > >+ return ns_task_capable(task,&init_user_ns, cap);
> > >+}
> > >+EXPORT_SYMBOL(task_capable);
> >
> > Why do we keep adding things like task_capable? Can't we just stop
> > adding non-lsm functions and just call the right LSM functions from
> > now on? This is my original comments mostly directed at Serge. I'm
> > to the point where I want to NAK anything new in kernel/capability.c
> > (and yes, I know i'm guilty in the paste)
> >
> > >+bool ns_task_capable(struct task_struct *task, struct user_namespace *ns, int cap)
>
> Can you just use has_ns_capability() at the places where you wanted to
> use your new ns_task_capable()? It won't set PF_SUPERPRIV, but you
> can't set that on another task anyway IIRC.
has_ns_capability() doesn't touch LSMs, but ns_task_capable() uses
security_task_capable() which uses LSMs.
Actually, I'm a bit confused in sense of what capable functions should
be used in specific cases. Where we need to inform LSM and where not.
I don't want to bypass LSMs where it should not do it otherwise. In the
patch I've copied alredy existing behaviour leaving LSM iteraction
as-is.
Thanks,
--
Vasiliy Kulikov
http://www.openwall.com - bringing security into open computing environments
next prev parent reply other threads:[~2011-06-20 15:44 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-06-17 17:11 [RFC v2] security: intoduce ptrace_task_may_access_current Vasiliy Kulikov
2011-06-20 14:22 ` Eric Paris
2011-06-20 14:40 ` Vasiliy Kulikov
2011-06-20 14:43 ` Vasiliy Kulikov
2011-06-20 14:44 ` Eric Paris
2011-06-20 15:00 ` Serge Hallyn
2011-06-20 15:44 ` Vasiliy Kulikov [this message]
2011-06-20 15:51 ` Serge E. Hallyn
2011-06-20 16:50 ` Eric Paris
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20110620154429.GA12879@albatros \
--to=segoon@openwall.com \
--cc=apparmor@lists.ubuntu.com \
--cc=eparis@parisplace.org \
--cc=eparis@redhat.com \
--cc=jmorris@namei.org \
--cc=john.johansen@canonical.com \
--cc=kernel-hardening@lists.openwall.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=sds@tycho.nsa.gov \
--cc=serge.hallyn@canonical.com \
--cc=serge@hallyn.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox