From: Andy Lutomirski <luto@myrealbox.com>
To: Andi Kleen <ak@suse.de>
Cc: Andy Lutomirski <luto@myrealbox.com>,
mingo@elte.hu, torvalds@osdl.org, linux-kernel@vger.kernel.org,
akpm@osdl.org, arjanv@redhat.com, suresh.b.siddha@intel.com,
jun.nakajima@intel.com
Subject: Re: [announce] [patch] NX (No eXecute) support for x86, 2.6.7-rc2-bk2
Date: Thu, 03 Jun 2004 17:05:45 -0700 [thread overview]
Message-ID: <40BFBCD9.8000607@myrealbox.com> (raw)
In-Reply-To: <40BFBA3F.4000304@myrealbox.com>
Andy Lutomirski wrote:
>>> I don't like Ingo's fix either, though. At least it should check
>>> CAP_PTRACE or some such. A better fix would be for LSM to pass down
>>> a flag indicating a change of security context. I'll throw that in
>>> to my caps/apply_creds cleanup, in case that ever gets applied.
>>
>>
>>
>> Don't think we should require an LSM module for that. That's far
>> overkill.
>
>
> I'm not suggesting a new LSM module. I'm suggesting modifying the
> existing LSM code to handle this cleanly. We already have a function
> (security_bprm_secureexec) that does something like this, and, in fact,
> it's probably the right thing to test here.
... or not.
secureexec will return true even if you have whatever cap you want the user
to have for this to work.
What use to you see for having this flag survive setuid? The only (safe)
use I can see is for debugging, in which case just copying the binary and
running it non-setuid should be OK.
In this case, then secureexec is a better test than setuid-ness because of
LSMs (like SELinux) in which case setuid is not the only way that security
can be elevated.
--Andy
next prev parent reply other threads:[~2004-06-04 0:08 UTC|newest]
Thread overview: 66+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-06-02 20:50 [announce] [patch] NX (No eXecute) support for x86, 2.6.7-rc2-bk2 Ingo Molnar
2004-06-02 21:00 ` Christoph Hellwig
2004-06-02 21:07 ` Ingo Molnar
2004-06-02 21:13 ` Linus Torvalds
2004-06-02 21:17 ` Arjan van de Ven
2004-06-02 21:31 ` Doug McNaught
2004-06-08 8:46 ` Jakub Jelinek
2004-06-03 1:12 ` Joel Becker
2004-06-03 1:27 ` Andi Kleen
2004-06-03 6:24 ` Arjan van de Ven
2004-06-03 20:37 ` jlnance
2004-06-03 7:21 ` Ingo Molnar
2004-06-03 12:44 ` Ingo Molnar
2004-06-03 15:54 ` Andi Kleen
2004-06-03 23:01 ` Andy Lutomirski
2004-06-03 23:08 ` Andi Kleen
2004-06-03 23:54 ` Andy Lutomirski
2004-06-04 0:05 ` Andy Lutomirski [this message]
2004-06-04 9:25 ` Ingo Molnar
2004-06-04 15:26 ` Andy Lutomirski
2004-06-04 15:36 ` Linus Torvalds
2004-06-04 15:41 ` Arjan van de Ven
2004-06-04 15:47 ` Linus Torvalds
2004-06-04 15:51 ` Arjan van de Ven
2004-06-04 16:02 ` Linus Torvalds
2004-06-04 16:13 ` Andi Kleen
2004-06-04 16:37 ` Arjan van de Ven
2004-06-04 16:40 ` Christoph Hellwig
2004-06-04 17:27 ` David Mosberger
2004-06-04 17:30 ` Andi Kleen
2004-06-08 9:07 ` Jakub Jelinek
2004-06-08 9:14 ` Andi Kleen
2004-06-08 9:19 ` Arjan van de Ven
2004-06-04 16:51 ` Ulrich Drepper
2004-06-08 17:15 ` Bill Davidsen
2004-06-04 18:11 ` Gerhard Mack
2004-06-04 18:12 ` Arjan van de Ven
2004-06-04 16:06 ` Ingo Molnar
2004-06-04 17:20 ` Ingo Molnar
2004-06-04 17:22 ` Ingo Molnar
2004-06-04 17:32 ` Ingo Molnar
2004-06-03 19:24 ` Suresh Siddha
2004-06-03 20:37 ` Andi Kleen
2004-06-03 22:58 ` Suresh Siddha
2004-06-03 23:06 ` Andi Kleen
2004-06-04 9:30 ` Ingo Molnar
2004-06-03 12:57 ` Brian Gerst
2004-06-04 9:39 ` Ingo Molnar
2004-06-04 10:41 ` Christoph Hellwig
2004-06-04 10:48 ` William Lee Irwin III
2004-06-03 16:21 ` Ulrich Drepper
2004-06-03 19:30 ` Kurt Garloff
2004-06-02 21:43 ` Andi Kleen
2004-06-03 0:11 ` Rusty Russell
2004-06-03 0:17 ` Jeff Garzik
2004-06-03 7:24 ` Ingo Molnar
2004-06-03 8:47 ` Ingo Molnar
2004-06-03 8:53 ` Ingo Molnar
2004-06-04 0:04 ` Rusty Russell
2004-06-03 9:07 ` Ingo Molnar
2004-06-03 14:36 ` Gerhard Mack
2004-06-03 16:22 ` Arjan van de Ven
2004-06-04 9:36 ` Ingo Molnar
2004-06-04 11:59 ` Stephen Wille Padnos
[not found] <22L0f-5Ci-11@gated-at.bofh.it>
[not found] ` <22O7J-8dw-11@gated-at.bofh.it>
[not found] ` <22Wf4-5Xv-23@gated-at.bofh.it>
2004-06-03 9:43 ` Andi Kleen
-- strict thread matches above, loose matches on Subject: below --
2004-06-04 18:01 Nakajima, Jun
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=40BFBCD9.8000607@myrealbox.com \
--to=luto@myrealbox.com \
--cc=ak@suse.de \
--cc=akpm@osdl.org \
--cc=arjanv@redhat.com \
--cc=jun.nakajima@intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@elte.hu \
--cc=suresh.b.siddha@intel.com \
--cc=torvalds@osdl.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox