From: Vasiliy Kulikov <segoon@openwall.com>
To: David Miller <davem@davemloft.net>
Cc: shemminger@vyatta.com, serge.hallyn@ubuntu.com,
bhutchings@solarflare.com, eparis@redhat.com,
eparis@parisplace.org, linux-kernel@vger.kernel.org,
mjt@tls.msk.ru, arnd@arndb.de, mirqus@gmail.com,
netdev@vger.kernel.org, kuznet@ms2.inr.ac.ru, pekkas@netcore.fi,
jmorris@namei.org, yoshfuji@linux-ipv6.org, kaber@trash.net,
eric.dumazet@gmail.com, therbert@google.com, xiaosuo@gmail.com,
jesse@nicira.com, kees.cook@canonical.com, eugene@redhat.com,
dan.j.rosenberg@gmail.com, akpm@linux-foundation.org,
greg@kroah.com, sds@tycho.nsa.gov,
linux-security-module@vger.kernel.org, dwalsh@redhat.com,
dhowells@redhat.com
Subject: Re: [PATCH v2] net: don't allow CAP_NET_ADMIN to load non-netdev kernel modules
Date: Sat, 26 Mar 2011 13:35:39 +0300 [thread overview]
Message-ID: <20110326103539.GA4719@albatros> (raw)
In-Reply-To: <20110324.144628.58411809.davem@davemloft.net>
On Thu, Mar 24, 2011 at 14:46 -0700, David Miller wrote:
> You can't say "userland will fix things up"
>
> Because we're never supposed to break userland in the first place.
I admit that the patch breaks things.
But the thing is that kernel changes _are_ breaking userspace here and
there, not only by such obvious policy changes, but by indirect changes.
Note that the patch that changed CAP_SYS_MODULE to CAP_NET_ADMIN has
broken userspace behavior too - one could load modules with
CAP_SYS_MODULE without CAP_NET_ADMIN via "ifconfig wifi0" and after the
patch it could not.
Look at this patch:
http://patchwork.ozlabs.org/patch/42148/
It breaks userspace tools too - one might run LSM in learning mode to
create a profile for netfilter configuring, saw it didn't need any CAP_*
and totally denied them in the profile. After many years (the bug was
fixed after 5+ years!) of good work it was broken by the patch. The same
with plenty of patches that introduce different checks in places where
there were no permission checks at all or these checks were broken.
--
Vasiliy Kulikov
http://www.openwall.com - bringing security into open computing environments
next prev parent reply other threads:[~2011-03-26 10:35 UTC|newest]
Thread overview: 53+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-02-24 15:12 module loading with CAP_NET_ADMIN Vasiliy Kulikov
2011-02-24 16:34 ` Ben Hutchings
2011-02-25 12:30 ` Vasiliy Kulikov
2011-02-25 15:14 ` [PATCH] don't allow CAP_NET_ADMIN to load non-netdev kernel modules Vasiliy Kulikov
2011-02-25 17:25 ` Valdis.Kletnieks
2011-02-25 17:47 ` Vasiliy Kulikov
2011-02-25 17:48 ` Ben Hutchings
2011-02-25 18:47 ` David Miller
2011-02-25 19:02 ` Vasiliy Kulikov
2011-02-25 19:05 ` David Miller
2011-02-25 19:07 ` Ben Hutchings
2011-02-25 19:16 ` David Miller
2011-02-25 19:30 ` Ben Hutchings
2011-02-25 19:43 ` David Miller
2011-02-25 19:53 ` Ben Hutchings
2011-02-25 20:37 ` David Miller
2011-02-25 20:38 ` Ben Hutchings
2011-02-25 20:59 ` Michał Mirosław
2011-02-27 20:22 ` Arnd Bergmann
2011-02-28 9:29 ` Michael Tokarev
2011-02-28 9:51 ` Vasiliy Kulikov
2011-02-28 19:23 ` David Miller
2011-03-01 19:48 ` [PATCH] net: " Vasiliy Kulikov
2011-03-01 20:13 ` Ben Hutchings
2011-03-01 21:33 ` [PATCH v2] " Vasiliy Kulikov
2011-03-02 7:15 ` Michael Tokarev
2011-03-09 22:06 ` Vasiliy Kulikov
2011-03-09 22:09 ` David Miller
2011-03-09 22:53 ` James Morris
2011-03-10 9:49 ` Vasiliy Kulikov
2011-03-02 16:01 ` Kees Cook
2011-03-02 19:39 ` Jake Edge
2011-03-02 19:43 ` Vasiliy Kulikov
2011-03-02 19:49 ` Jake Edge
2011-03-02 20:18 ` Vasiliy Kulikov
2011-03-02 20:38 ` Jake Edge
2011-03-02 20:40 ` Jake Edge
2011-03-22 20:47 ` Eric Paris
2011-03-24 15:37 ` Serge E. Hallyn
2011-03-24 18:03 ` Eric Paris
2011-03-24 18:33 ` Ben Hutchings
2011-03-24 20:26 ` Serge E. Hallyn
2011-03-24 21:39 ` Stephen Hemminger
2011-03-24 21:46 ` David Miller
2011-03-24 21:57 ` Serge E. Hallyn
2011-03-24 22:15 ` Eric Paris
2011-03-24 21:57 ` Greg KH
2011-03-26 10:35 ` Vasiliy Kulikov [this message]
2011-02-27 11:44 ` [PATCH] " Vasiliy Kulikov
2011-02-27 23:18 ` David Miller
2011-02-27 23:19 ` David Miller
2011-02-25 15:29 ` module loading with CAP_NET_ADMIN Michael Tokarev
2011-02-25 15:57 ` Vasiliy Kulikov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20110326103539.GA4719@albatros \
--to=segoon@openwall.com \
--cc=akpm@linux-foundation.org \
--cc=arnd@arndb.de \
--cc=bhutchings@solarflare.com \
--cc=dan.j.rosenberg@gmail.com \
--cc=davem@davemloft.net \
--cc=dhowells@redhat.com \
--cc=dwalsh@redhat.com \
--cc=eparis@parisplace.org \
--cc=eparis@redhat.com \
--cc=eric.dumazet@gmail.com \
--cc=eugene@redhat.com \
--cc=greg@kroah.com \
--cc=jesse@nicira.com \
--cc=jmorris@namei.org \
--cc=kaber@trash.net \
--cc=kees.cook@canonical.com \
--cc=kuznet@ms2.inr.ac.ru \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=mirqus@gmail.com \
--cc=mjt@tls.msk.ru \
--cc=netdev@vger.kernel.org \
--cc=pekkas@netcore.fi \
--cc=sds@tycho.nsa.gov \
--cc=serge.hallyn@ubuntu.com \
--cc=shemminger@vyatta.com \
--cc=therbert@google.com \
--cc=xiaosuo@gmail.com \
--cc=yoshfuji@linux-ipv6.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).