From: josh@joshtriplett.org
To: Casey Schaufler <casey@schaufler-ca.com>
Cc: paulmck@linux.vnet.ibm.com, Iulia Manda <iulia.manda21@gmail.com>,
gnomes@lxorguk.ukuu.org.uk, serge.hallyn@canonical.com,
linux-kernel@vger.kernel.org, akpm@linux-foundation.org,
peterz@infradead.org, mhocko@suse.cz,
LSM <linux-security-module@vger.kernel.org>
Subject: Re: [PATCH v2] kernel: Conditionally support non-root users, groups and capabilities
Date: Fri, 30 Jan 2015 11:13:02 -0800
Message-ID: <20150130191302.GA19744@cloud>
In-Reply-To: <54CAEB93.5090508@schaufler-ca.com>
On Thu, Jan 29, 2015 at 06:25:23PM -0800, Casey Schaufler wrote:
> On 1/29/2015 5:36 PM, Paul E. McKenney wrote:
> > A few K here, a few K there, and pretty soon you actually fit into the
> > small-memory 32-bit SoCs. I do not believe that the processing time
> > is the issue.
>
> And UNIX, with UID and GID processing, used to run in 64K of RAM,
> without swap or paging. Bluntly, there are many other places to look
> before you go here.

And we're looking in all those places too. Each patch is worth
evaluating independently. We've *already* gone here, the code is
written (and being revised based on feedback), and "go work over there
out of my backyard" is not going to work. One of these days, we're
going to run in 64k again.

> >> As for LSMs, I can easily see putting in the security model from the old
> >> RTOS on top of a NON_ROOT configuration. Won't that be fun when the CVEs
> >> start to fly?

The security model is "there's one process on this system". (Expect
patches for CONFIG_FORK=n and CONFIG_EXEC=n at some point.)

> >> Do you think you'll be running system services like systemd on top of this?
> >> Anyone *else* remember what happened when they put capability handling into
> >> sendmail?
> > Nope, I don't expect these systems to be using LSM, systemd, or sendmail.
> > I think that many of these will instead run the application directly
> > out of the init process.
>
> Where an "application" might be something like CrossWalk,

No, not a chance. If you're running a web runtime, you're on a much
larger system, and you're going to be less concerned about shaving
kilobytes; you're also going to want many of the kernel facilities for
sandboxing code.

The kinds of applications we're talking about here run entirely in one
binary, serving a few very narrow functions. We're not talking
"automobile IVI system" here; we're talking "two buttons and an output",
or "a few sensors and an SD card".

- Josh Triplett
Thread overview: 22+ messages
2015-01-29 18:43 [PATCH v2] kernel: Conditionally support non-root users, groups and capabilities Iulia Manda
2015-01-29 18:59 ` Geert Uytterhoeven
2015-01-29 20:01 ` josh
2015-01-29 20:16 ` Geert Uytterhoeven
2015-01-29 23:44 ` Casey Schaufler
2015-01-30 0:32 ` Paul E. McKenney
2015-01-30 1:25 ` Casey Schaufler
2015-01-30 1:36 ` Paul E. McKenney
2015-01-30 2:25 ` Casey Schaufler
2015-01-30 7:07 ` Paul E. McKenney
2015-01-30 19:13 ` josh [this message]
2015-01-30 19:48 ` Casey Schaufler
2015-01-30 20:20 ` Austin S Hemmelgarn
2015-01-30 21:40 ` Josh Triplett
2015-01-30 21:56 ` Richard Weinberger
2015-01-31 23:30 ` Paul E. McKenney
2015-01-31 23:33 ` Richard Weinberger
2015-02-01 19:45 ` Paul E. McKenney
2015-01-31 17:00 ` Jarkko Sakkinen
2015-01-30 0:43 ` josh
2015-01-30 2:05 ` Casey Schaufler
2015-01-30 21:04 ` Josh Triplett