Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20110620155124.GA16444@mail.hallyn.com>
Date: Mon, 20 Jun 2011 10:51:24 -0500
From: "Serge E. Hallyn" <serge@...lyn.com>
To: Vasiliy Kulikov <segoon@...nwall.com>
Cc: Serge Hallyn <serge.hallyn@...onical.com>,
	Eric Paris <eparis@...hat.com>, linux-kernel@...r.kernel.org,
	linux-security-module@...r.kernel.org, apparmor@...ts.ubuntu.com,
	"selinux@...ho.nsa.gov Stephen Smalley" <sds@...ho.nsa.gov>,
	James Morris <jmorris@...ei.org>,
	Eric Paris <eparis@...isplace.org>,
	John Johansen <john.johansen@...onical.com>,
	kernel-hardening@...ts.openwall.com, serge@...lyn.com,
	Andrew Morgan <morgan@...nel.org>
Subject: Re: [RFC v2] security: intoduce ptrace_task_may_access_current

Quoting Vasiliy Kulikov (segoon@...nwall.com):
> On Mon, Jun 20, 2011 at 10:00 -0500, Serge Hallyn wrote:
> > > >diff --git a/kernel/capability.c b/kernel/capability.c
> > > >index 283c529..bc9b07f 100644
> > > >--- a/kernel/capability.c
> > > >+++ b/kernel/capability.c
> > > >@@ -356,6 +356,30 @@ bool capable(int cap)
> > > >  }
> > > >  EXPORT_SYMBOL(capable);
> > > >
> > > >+bool task_capable(struct task_struct *task, int cap)
> > > >+{
> > > >+	return ns_task_capable(task,&init_user_ns, cap);
> > > >+}
> > > >+EXPORT_SYMBOL(task_capable);
> > > 
> > > Why do we keep adding things like task_capable?  Can't we just stop
> > > adding non-lsm functions and just call the right LSM functions from
> > > now on?  This is my original comments mostly directed at Serge.  I'm
> > > to the point where I want to NAK anything new in kernel/capability.c
> > > (and yes, I know i'm guilty in the paste)
> > > 
> > > >+bool ns_task_capable(struct task_struct *task, struct user_namespace *ns, int cap)
> > 
> > Can you just use has_ns_capability() at the places where you wanted to
> > use your new ns_task_capable()?  It won't set PF_SUPERPRIV, but you
> > can't set that on another task anyway IIRC.
> 
> has_ns_capability() doesn't touch LSMs, but ns_task_capable() uses
> security_task_capable() which uses LSMs.

I don't understand what you mean by "doesn't touch LSMs."
has_ns_capability() uses security_real_capable() which calls
security_ops->capable().

The difference between 'has_capability' and 'capable' functions is
that the latter, as implied, have current as the subject, while
the former ask about another task.

-serge

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.