Re: [PATCH] exec: Weaken dumpability for secureexec

2018-01-03 Thread Tom Horsley
On Wed, 3 Jan 2018 09:21:16 -0800 Kees Cook wrote: > The more interesting thing here is that secureexec is set for a > process that ISN'T actually setuid. (ptrace of a setuid process). I > think that's the real bug, but not something I'm going to be able to > fix quickly. So, for now, I want to

Re: [PATCH] exec: Weaken dumpability for secureexec

2018-01-03 Thread Serge E. Hallyn
Quoting Kees Cook (keesc...@chromium.org): > On Tue, Jan 2, 2018 at 11:06 PM, Serge E. Hallyn wrote: > > On Tue, Jan 02, 2018 at 03:21:33PM -0800, Kees Cook wrote: > >> This is a logical revert of: > >> > >> commit e37fdb785a5f ("exec: Use secureexec for setting

Re: [PATCH] exec: Weaken dumpability for secureexec

2018-01-03 Thread Serge E. Hallyn
Quoting Kees Cook (keesc...@chromium.org): > On Tue, Jan 2, 2018 at 11:06 PM, Serge E. Hallyn wrote: > > On Tue, Jan 02, 2018 at 03:21:33PM -0800, Kees Cook wrote: > >> This is a logical revert of: > >> > >> commit e37fdb785a5f ("exec: Use secureexec for setting dumpability") > >> > >> This

Re: [PATCH] exec: Weaken dumpability for secureexec

2018-01-03 Thread Laura Abbott
On 01/03/2018 09:21 AM, Kees Cook wrote: On Wed, Jan 3, 2018 at 4:11 AM, Tom Horsley wrote: On Wed, 3 Jan 2018 01:04:44 -0600 Serge E. Hallyn wrote: This weakens dumpability back to checking only for uid/gid changes in current (which is useless), but userspace depends

Re: [PATCH] exec: Weaken dumpability for secureexec

2018-01-03 Thread Laura Abbott
On 01/03/2018 09:21 AM, Kees Cook wrote: On Wed, Jan 3, 2018 at 4:11 AM, Tom Horsley wrote: On Wed, 3 Jan 2018 01:04:44 -0600 Serge E. Hallyn wrote: This weakens dumpability back to checking only for uid/gid changes in current (which is useless), but userspace depends on dumpability not

Re: [PATCH] exec: Weaken dumpability for secureexec

2018-01-03 Thread Kees Cook
On Tue, Jan 2, 2018 at 11:06 PM, Serge E. Hallyn wrote: > On Tue, Jan 02, 2018 at 03:21:33PM -0800, Kees Cook wrote: >> This is a logical revert of: >> >> commit e37fdb785a5f ("exec: Use secureexec for setting dumpability") >> >> This weakens dumpability back to checking

Re: [PATCH] exec: Weaken dumpability for secureexec

2018-01-03 Thread Kees Cook
On Wed, Jan 3, 2018 at 4:11 AM, Tom Horsley wrote: > On Wed, 3 Jan 2018 01:04:44 -0600 > Serge E. Hallyn wrote: > >> > This weakens dumpability back to checking only for uid/gid changes in >> > current (which is useless), but userspace depends on dumpability not >> > being

Re: [PATCH] exec: Weaken dumpability for secureexec

2018-01-03 Thread Kees Cook
On Tue, Jan 2, 2018 at 11:06 PM, Serge E. Hallyn wrote: > On Tue, Jan 02, 2018 at 03:21:33PM -0800, Kees Cook wrote: >> This is a logical revert of: >> >> commit e37fdb785a5f ("exec: Use secureexec for setting dumpability") >> >> This weakens dumpability back to checking only for uid/gid

Re: [PATCH] exec: Weaken dumpability for secureexec

2018-01-03 Thread Kees Cook
On Wed, Jan 3, 2018 at 4:11 AM, Tom Horsley wrote: > On Wed, 3 Jan 2018 01:04:44 -0600 > Serge E. Hallyn wrote: > >> > This weakens dumpability back to checking only for uid/gid changes in >> > current (which is useless), but userspace depends on dumpability not >> > being tied to secureexec. >>

Re: [PATCH] exec: Weaken dumpability for secureexec

2018-01-03 Thread Tom Horsley
On Wed, 3 Jan 2018 01:04:44 -0600 Serge E. Hallyn wrote: > > This weakens dumpability back to checking only for uid/gid changes in > > current (which is useless), but userspace depends on dumpability not > > being tied to secureexec. > > > > https://bugzilla.redhat.com/show_bug.cgi?id=1528633 >

Re: [PATCH] exec: Weaken dumpability for secureexec

2018-01-02 Thread Serge E. Hallyn
On Tue, Jan 02, 2018 at 03:21:33PM -0800, Kees Cook wrote: > This is a logical revert of: > > commit e37fdb785a5f ("exec: Use secureexec for setting dumpability") > > This weakens dumpability back to checking only for uid/gid changes in > current (which is useless), but userspace depends on

[PATCH] exec: Weaken dumpability for secureexec

2018-01-02 Thread Kees Cook
This is a logical revert of: commit e37fdb785a5f ("exec: Use secureexec for setting dumpability") This weakens dumpability back to checking only for uid/gid changes in current (which is useless), but userspace depends on dumpability not being tied to secureexec.
