Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20110620155124.GA16444@mail.hallyn.com>
Date: Mon, 20 Jun 2011 10:51:24 -0500
From: "Serge E. Hallyn" <serge@...lyn.com>
To: Vasiliy Kulikov <segoon@...nwall.com>
Cc: Serge Hallyn <serge.hallyn@...onical.com>,
	Eric Paris <eparis@...hat.com>, linux-kernel@...r.kernel.org,
	linux-security-module@...r.kernel.org, apparmor@...ts.ubuntu.com,
	"selinux@...ho.nsa.gov Stephen Smalley" <sds@...ho.nsa.gov>,
	James Morris <jmorris@...ei.org>,
	Eric Paris <eparis@...isplace.org>,
	John Johansen <john.johansen@...onical.com>,
	kernel-hardening@...ts.openwall.com, serge@...lyn.com,
	Andrew Morgan <morgan@...nel.org>
Subject: Re: [RFC v2] security: intoduce ptrace_task_may_access_current

Quoting Vasiliy Kulikov (segoon@...nwall.com):
> On Mon, Jun 20, 2011 at 10:00 -0500, Serge Hallyn wrote:
> > > >diff --git a/kernel/capability.c b/kernel/capability.c
> > > >index 283c529..bc9b07f 100644
> > > >--- a/kernel/capability.c
> > > >+++ b/kernel/capability.c
> > > >@@ -356,6 +356,30 @@ bool capable(int cap)
> > > >  }
> > > >  EXPORT_SYMBOL(capable);
> > > >
> > > >+bool task_capable(struct task_struct *task, int cap)
> > > >+{
> > > >+	return ns_task_capable(task,&init_user_ns, cap);
> > > >+}
> > > >+EXPORT_SYMBOL(task_capable);
> > > 
> > > Why do we keep adding things like task_capable?  Can't we just stop
> > > adding non-lsm functions and just call the right LSM functions from
> > > now on?  This is my original comments mostly directed at Serge.  I'm
> > > to the point where I want to NAK anything new in kernel/capability.c
> > > (and yes, I know i'm guilty in the paste)
> > > 
> > > >+bool ns_task_capable(struct task_struct *task, struct user_namespace *ns, int cap)
> > 
> > Can you just use has_ns_capability() at the places where you wanted to
> > use your new ns_task_capable()?  It won't set PF_SUPERPRIV, but you
> > can't set that on another task anyway IIRC.
> 
> has_ns_capability() doesn't touch LSMs, but ns_task_capable() uses
> security_task_capable() which uses LSMs.

I don't understand what you mean by "doesn't touch LSMs."
has_ns_capability() uses security_real_capable() which calls
security_ops->capable().

The difference between 'has_capability' and 'capable' functions is
that the latter, as implied, have current as the subject, while
the former ask about another task.

-serge

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.