From: "Giacomo A. Catenazzi" <cate@debian.org>
To: Jan Engelhardt <jengelh@computergmbh.de>
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
Andreas Gruenbacher <agruen@suse.de>,
Thomas Fricaccia <thomas_fricacci@yahoo.com>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
James Morris <jmorris@namei.org>
Subject: Re: LSM conversion to static interface
Date: Tue, 23 Oct 2007 11:14:29 +0200 [thread overview]
Message-ID: <471DBB75.9020605@debian.org> (raw)
In-Reply-To: <Pine.LNX.4.64.0710231051090.16684@fbirervta.pbzchgretzou.qr>
Jan Engelhardt wrote:
> On Oct 23 2007 07:44, Giacomo Catenazzi wrote:
>>> I do have a pseudo LSM called "multiadm" at
>>> http://freshmeat.net/p/multiadm/ , quoting:
>>> Policy is dead simple since it is based on UIDs. The UID ranges can be
>>> set on module load time or during runtime (sysfs params). This LSM is
>>> basically grants extra rights unlike most other LSMs[1], which is why
>>> modprobe makes much more sense here. (It also does not have to do any
>>> security labelling that would require it to be loaded at boot time
>>> already.)
>> But his is against LSM design (and first agreements about LSM):
>> LSM can deny rights, but it should not give extra permissions
>> or bypass standard unix permissions.
>
> It is just not feasible to add ACLs to all million files in /home,
> also because ACLs are limited to around 25 entries.
> And it is obvious I do not want <prof> to have UID 0, because
> then you cannot distinguish who created what file.
> So the requirement to the task is to have unique UIDs.
> The next logical step would be to give capabilities to those UIDs.
>
> *Is that wrong*? Who says that only UID 0 is allowed to have
> all 31 capability bits turned on, and that all non-UID 0 users
> need to have all 31 capability bits turned off?
>
> So, we give caps to the subadmins (which is IMHO a natural task),
> and then, as per LSM design (wonder where that is written) deny
> some of the rights that the capabilities raised for subadmins grant,
> because that is obviously too much.
Nothing wrong. I only said that it was against (IIRC) the
principle of LSM in kernel (we should only remove capacities).
I've nothing against the changing the design or rules.
It was only a commentary, to be sure that we know what we do ;-)
ciao
cate
next prev parent reply other threads:[~2007-10-23 9:14 UTC|newest]
Thread overview: 140+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <167451.96128.qm@web38607.mail.mud.yahoo.com>
2007-10-18 2:18 ` LSM conversion to static interface Linus Torvalds
2007-10-19 20:26 ` Andreas Gruenbacher
2007-10-19 20:40 ` Linus Torvalds
2007-10-20 11:05 ` Jan Engelhardt
2007-10-20 22:57 ` James Morris
2007-10-21 22:59 ` Adrian Bunk
2007-10-23 4:09 ` LSM conversion to static interface [revert patch] Arjan van de Ven
2007-10-23 4:56 ` James Morris
2007-10-23 4:57 ` Arjan van de Ven
2007-10-23 5:16 ` Chris Wright
2007-10-23 9:10 ` Jan Engelhardt
2007-10-23 9:13 ` Chris Wright
2007-10-23 9:14 ` Jan Engelhardt
2007-10-24 0:31 ` Jeremy Fitzhardinge
2007-10-24 0:32 ` Chris Wright
2007-10-24 5:06 ` Arjan van de Ven
2007-10-24 11:50 ` Linux Security *Module* Framework (Was: LSM conversion to static interface Simon Arlott
2007-10-24 12:55 ` Adrian Bunk
2007-10-24 18:11 ` Linux Security *Module* Framework (Was: LSM conversion to static interface) Simon Arlott
2007-10-24 18:51 ` Jan Engelhardt
2007-10-24 18:59 ` Simon Arlott
2007-10-24 19:04 ` Jan Engelhardt
2007-10-24 21:02 ` David P. Quigley
2007-10-24 21:37 ` Serge E. Hallyn
2007-10-24 21:51 ` Jan Engelhardt
2007-10-24 22:02 ` David P. Quigley
2007-10-24 23:13 ` Jan Engelhardt
2007-10-25 1:50 ` david
2007-10-25 3:50 ` Kyle Moffett
2007-10-24 21:42 ` Jan Engelhardt
2007-10-24 21:58 ` Casey Schaufler
2007-10-24 22:04 ` David P. Quigley
2007-10-25 11:38 ` Simon Arlott
2007-10-24 20:18 ` Crispin Cowan
2007-10-24 20:46 ` Jan Engelhardt
2007-10-24 21:29 ` Casey Schaufler
2007-10-24 22:31 ` Adrian Bunk
2007-10-24 22:58 ` Casey Schaufler
2007-10-24 23:32 ` Adrian Bunk
2007-10-24 23:42 ` Linus Torvalds
2007-10-25 0:41 ` Chris Wright
2007-10-25 2:19 ` Arjan van de Ven
2007-10-30 3:37 ` Toshiharu Harada
2007-10-25 1:03 ` Casey Schaufler
2007-10-25 0:23 ` Chris Wright
2007-10-25 0:35 ` Ray Lee
2007-10-25 1:26 ` Peter Dolding
2007-10-25 1:41 ` Alan Cox
2007-10-25 2:11 ` david
2007-10-25 18:17 ` Ray Lee
2007-10-25 22:21 ` Alan Cox
2007-10-26 3:45 ` david
2007-10-26 5:44 ` Peter Dolding
2007-10-27 18:29 ` Pavel Machek
2007-10-28 18:48 ` Hua Zhong
2007-10-28 19:05 ` Hua Zhong
2007-10-28 22:08 ` Crispin Cowan
2007-10-28 22:50 ` Alan Cox
2007-11-26 20:42 ` serge
2007-10-28 23:55 ` Peter Dolding
2007-10-29 5:12 ` Arjan van de Ven
2007-10-25 9:19 ` Bernd Petrovitsch
2007-10-25 16:04 ` Ray Lee
2007-10-25 17:10 ` Arjan van de Ven
2007-10-30 9:41 ` Bernd Petrovitsch
2007-10-25 1:42 ` Casey Schaufler
2007-10-27 18:22 ` Pavel Machek
2007-10-28 19:42 ` Linux Security *Module* Framework Tilman Schmidt
2007-10-28 20:46 ` Jan Engelhardt
2007-10-30 3:23 ` Linux Security *Module* Framework (Was: LSM conversion to static interface) Toshiharu Harada
2007-10-30 8:40 ` Jan Engelhardt
2007-10-30 8:50 ` Crispin Cowan
2007-10-30 9:27 ` Jan Engelhardt
2007-10-30 9:21 ` Toshiharu Harada
2007-10-25 11:44 ` Simon Arlott
2007-10-25 23:09 ` Tilman Schmidt
2007-10-26 2:56 ` Greg KH
2007-10-26 7:09 ` Jan Engelhardt
2007-10-26 15:54 ` Greg KH
2007-10-26 9:46 ` Tilman Schmidt
2007-10-26 15:58 ` Greg KH
2007-10-26 16:32 ` Simon Arlott
2007-10-27 14:07 ` eradicating out of tree modules (was: Linux Security *Module* Framework) Tilman Schmidt
2007-10-28 1:21 ` Adrian Bunk
2007-10-26 23:26 ` Linux Security *Module* Framework (Was: LSM conversion to static interface) Adrian Bunk
2007-10-27 14:47 ` eradicating out of tree modules (was: : Linux Security *Module* Framework) Tilman Schmidt
2007-10-27 17:31 ` eradicating out of tree modules Stefan Richter
2007-10-28 0:55 ` eradicating out of tree modules (was: : Linux Security *Module* Framework) Adrian Bunk
2007-10-28 9:25 ` eradicating out of tree modules Stefan Richter
2007-10-28 12:01 ` Tilman Schmidt
2007-10-28 14:37 ` Stefan Richter
2007-10-28 14:59 ` Simon Arlott
2007-10-28 16:55 ` Tilman Schmidt
2007-10-28 18:51 ` Tilman Schmidt
2007-10-28 19:25 ` Adrian Bunk
2007-10-30 0:29 ` Tilman Schmidt
2007-10-30 13:11 ` linux-os (Dick Johnson)
2007-10-30 13:19 ` Xavier Bestel
2007-10-30 15:30 ` Greg KH
2007-10-29 23:51 ` Out-of-tree modules [was: Linux Security *Module* Framework] Jan Engelhardt
2007-10-30 0:46 ` Lee Revell
2007-10-30 1:19 ` Jan Engelhardt
2007-10-27 14:08 ` Linux Security *Module* Framework (Was: LSM conversion to static interface Tetsuo Handa
2007-11-05 6:42 ` Crispin Cowan
2007-10-23 9:13 ` Jan Engelhardt
2007-10-23 5:44 ` Giacomo Catenazzi
2007-10-23 8:55 ` Jan Engelhardt
2007-10-23 9:14 ` Giacomo A. Catenazzi [this message]
2007-10-23 9:18 ` Jan Engelhardt
2007-10-23 15:20 ` Serge E. Hallyn
2007-10-23 15:28 ` Jan Engelhardt
2007-10-23 15:34 ` Serge E. Hallyn
2007-10-25 10:23 ` Valdis.Kletnieks
2007-10-19 21:07 ` James Morris
2007-10-22 1:12 ` Crispin Cowan
2007-10-25 11:33 Jan Engelhardt
2007-10-26 10:40 ` Samir Bellabes
-- strict thread matches above, loose matches on Subject: below --
2007-10-22 17:00 Thomas Fricaccia
2007-10-22 17:12 ` Alan Cox
2007-10-22 17:13 ` Greg KH
2007-10-23 5:14 ` Crispin Cowan
2007-10-23 5:32 ` david
2007-10-23 11:38 ` Simon Arlott
2007-10-23 5:53 ` Giacomo Catenazzi
2007-10-23 7:12 ` Crispin Cowan
2007-10-23 8:17 ` Giacomo A. Catenazzi
2007-10-24 3:41 ` Greg KH
2007-10-22 2:24 Thomas Fricaccia
2007-10-22 3:59 ` Greg KH
2007-10-22 17:47 ` Avi Kivity
2007-10-23 16:05 ` Adrian Bunk
2007-10-23 16:52 ` Geert Uytterhoeven
2007-10-22 10:07 ` Alan Cox
2007-10-22 16:10 ` Crispin Cowan
2007-10-22 16:50 ` Alan Cox
2007-10-22 16:56 ` Greg KH
2007-10-18 1:34 Thomas Fricaccia
2007-10-18 2:03 ` Casey Schaufler
2007-10-18 2:21 ` Linus Torvalds
2007-10-18 3:06 ` Arjan van de Ven
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=471DBB75.9020605@debian.org \
--to=cate@debian.org \
--cc=agruen@suse.de \
--cc=jengelh@computergmbh.de \
--cc=jmorris@namei.org \
--cc=linux-kernel@vger.kernel.org \
--cc=thomas_fricacci@yahoo.com \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox