Re: [PATCH 1/1] simplified security.nscapability xattr

On Mon, May 16, 2016 at 04:15:23PM -0500, Serge E. Hallyn wrote: > Quoting Serge E. Hallyn (se...@hallyn.com): > ... > > There's a problem though. The above suffices to prevent an unprivileged > > user > > in a user_ns from unsharing a user_ns to write a file capability and exploit > > that

Re: [PATCH 1/1] simplified security.nscapability xattr

On Mon, May 16, 2016 at 04:15:23PM -0500, Serge E. Hallyn wrote: > Quoting Serge E. Hallyn (se...@hallyn.com): > ... > > There's a problem though. The above suffices to prevent an unprivileged > > user > > in a user_ns from unsharing a user_ns to write a file capability and exploit > > that

Re: [PATCH 1/1] simplified security.nscapability xattr

Quoting Serge E. Hallyn (se...@hallyn.com): ... > There's a problem though. The above suffices to prevent an unprivileged user > in a user_ns from unsharing a user_ns to write a file capability and exploit > that capability in the ns where he is unprivileged. With one exception, which > is the

Re: [PATCH 1/1] simplified security.nscapability xattr

Quoting Serge E. Hallyn (se...@hallyn.com): ... > There's a problem though. The above suffices to prevent an unprivileged user > in a user_ns from unsharing a user_ns to write a file capability and exploit > that capability in the ns where he is unprivileged. With one exception, which > is the

Re: [PATCH 1/1] simplified security.nscapability xattr

Quoting Jann Horn (j...@thejh.net): > On Tue, May 03, 2016 at 12:54:40AM -0500, Eric W. Biederman wrote: > > "Serge E. Hallyn" writes: > > > > > Quoting Andrew G. Morgan (mor...@kernel.org): > > >> > > >> I guess I'm confused how we have strayed so far that this isn't an > >

Re: [PATCH 1/1] simplified security.nscapability xattr

Quoting Jann Horn (j...@thejh.net): > On Tue, May 03, 2016 at 12:54:40AM -0500, Eric W. Biederman wrote: > > "Serge E. Hallyn" writes: > > > > > Quoting Andrew G. Morgan (mor...@kernel.org): > > >> > > >> I guess I'm confused how we have strayed so far that this isn't an > > >> obvious > > >>

Re: [PATCH 1/1] simplified security.nscapability xattr

Quoting Serge E. Hallyn (se...@hallyn.com): > Quoting Eric W. Biederman (ebied...@xmission.com): > > "Serge E. Hallyn" writes: > > > > > Quoting Andrew G. Morgan (mor...@kernel.org): > > >> > > >> I guess I'm confused how we have strayed so far that this isn't an > > >>

Re: [PATCH 1/1] simplified security.nscapability xattr

Quoting Serge E. Hallyn (se...@hallyn.com): > Quoting Eric W. Biederman (ebied...@xmission.com): > > "Serge E. Hallyn" writes: > > > > > Quoting Andrew G. Morgan (mor...@kernel.org): > > >> > > >> I guess I'm confused how we have strayed so far that this isn't an > > >> obvious > > >>

Re: [PATCH 1/1] simplified security.nscapability xattr

Quoting Eric W. Biederman (ebied...@xmission.com): > "Andrew G. Morgan" writes: > > > On 2 May 2016 6:04 p.m., "Eric W. Biederman" > > wrote: > >> > >> "Serge E. Hallyn" writes: > >> > >> > On Tue, Apr 26, 2016 at 03:39:54PM -0700,

Re: [PATCH 1/1] simplified security.nscapability xattr

Quoting Eric W. Biederman (ebied...@xmission.com): > "Andrew G. Morgan" writes: > > > On 2 May 2016 6:04 p.m., "Eric W. Biederman" > > wrote: > >> > >> "Serge E. Hallyn" writes: > >> > >> > On Tue, Apr 26, 2016 at 03:39:54PM -0700, Kees Cook wrote: > >> >> On Tue, Apr 26, 2016 at 3:26 PM,

Re: [PATCH 1/1] simplified security.nscapability xattr

On Tue, May 03, 2016 at 12:54:40AM -0500, Eric W. Biederman wrote: > "Serge E. Hallyn" writes: > > > Quoting Andrew G. Morgan (mor...@kernel.org): > >> > >> I guess I'm confused how we have strayed so far that this isn't an obvious > >> requirement. Uid=0 as being the root of

Re: [PATCH 1/1] simplified security.nscapability xattr

On Tue, May 03, 2016 at 12:54:40AM -0500, Eric W. Biederman wrote: > "Serge E. Hallyn" writes: > > > Quoting Andrew G. Morgan (mor...@kernel.org): > >> > >> I guess I'm confused how we have strayed so far that this isn't an obvious > >> requirement. Uid=0 as being the root of privilege was the

Re: [PATCH 1/1] simplified security.nscapability xattr

Quoting Eric W. Biederman (ebied...@xmission.com): > "Serge E. Hallyn" writes: > > > Quoting Andrew G. Morgan (mor...@kernel.org): > >> > >> I guess I'm confused how we have strayed so far that this isn't an obvious > >> requirement. Uid=0 as being the root of privilege was

Re: [PATCH 1/1] simplified security.nscapability xattr

Quoting Eric W. Biederman (ebied...@xmission.com): > "Serge E. Hallyn" writes: > > > Quoting Andrew G. Morgan (mor...@kernel.org): > >> > >> I guess I'm confused how we have strayed so far that this isn't an obvious > >> requirement. Uid=0 as being the root of privilege was the basic problem >

Re: [PATCH 1/1] simplified security.nscapability xattr

"Serge E. Hallyn" writes: > Quoting Andrew G. Morgan (mor...@kernel.org): >> >> I guess I'm confused how we have strayed so far that this isn't an obvious >> requirement. Uid=0 as being the root of privilege was the basic problem >> that capabilities were designed to change. >

Re: [PATCH 1/1] simplified security.nscapability xattr

"Serge E. Hallyn" writes: > Quoting Andrew G. Morgan (mor...@kernel.org): >> >> I guess I'm confused how we have strayed so far that this isn't an obvious >> requirement. Uid=0 as being the root of privilege was the basic problem >> that capabilities were designed to change. > > The task

Re: [PATCH 1/1] simplified security.nscapability xattr

Quoting Andrew G. Morgan (mor...@kernel.org): > On 2 May 2016 6:04 p.m., "Eric W. Biederman" wrote: > > > > "Serge E. Hallyn" writes: > > > > > On Tue, Apr 26, 2016 at 03:39:54PM -0700, Kees Cook wrote: > > >> On Tue, Apr 26, 2016 at 3:26 PM, Serge E.

Re: [PATCH 1/1] simplified security.nscapability xattr

Quoting Andrew G. Morgan (mor...@kernel.org): > On 2 May 2016 6:04 p.m., "Eric W. Biederman" wrote: > > > > "Serge E. Hallyn" writes: > > > > > On Tue, Apr 26, 2016 at 03:39:54PM -0700, Kees Cook wrote: > > >> On Tue, Apr 26, 2016 at 3:26 PM, Serge E. Hallyn > wrote: > > >> > Quoting Kees Cook

Re: [PATCH 1/1] simplified security.nscapability xattr

"Andrew G. Morgan" writes: > On 2 May 2016 6:04 p.m., "Eric W. Biederman" > wrote: >> >> "Serge E. Hallyn" writes: >> >> > On Tue, Apr 26, 2016 at 03:39:54PM -0700, Kees Cook wrote: >> >> On Tue, Apr 26, 2016 at 3:26 PM, Serge E.

Re: [PATCH 1/1] simplified security.nscapability xattr

"Andrew G. Morgan" writes: > On 2 May 2016 6:04 p.m., "Eric W. Biederman" > wrote: >> >> "Serge E. Hallyn" writes: >> >> > On Tue, Apr 26, 2016 at 03:39:54PM -0700, Kees Cook wrote: >> >> On Tue, Apr 26, 2016 at 3:26 PM, Serge E. Hallyn > wrote: >> >> > Quoting Kees Cook

Re: [PATCH 1/1] simplified security.nscapability xattr

"Serge E. Hallyn" writes: > On Tue, Apr 26, 2016 at 03:39:54PM -0700, Kees Cook wrote: >> On Tue, Apr 26, 2016 at 3:26 PM, Serge E. Hallyn wrote: >> > Quoting Kees Cook (keesc...@chromium.org): >> >> On Fri, Apr 22, 2016 at 10:26 AM,

Re: [PATCH 1/1] simplified security.nscapability xattr

"Serge E. Hallyn" writes: > On Tue, Apr 26, 2016 at 03:39:54PM -0700, Kees Cook wrote: >> On Tue, Apr 26, 2016 at 3:26 PM, Serge E. Hallyn wrote: >> > Quoting Kees Cook (keesc...@chromium.org): >> >> On Fri, Apr 22, 2016 at 10:26 AM, wrote: >> >> > From: Serge Hallyn > ... >> >> This looks

Re: [PATCH 1/1] simplified security.nscapability xattr

On 05/02/2016 05:54 AM, Serge E. Hallyn wrote: > On Tue, Apr 26, 2016 at 03:39:54PM -0700, Kees Cook wrote: >> On Tue, Apr 26, 2016 at 3:26 PM, Serge E. Hallyn wrote: >>> Quoting Kees Cook (keesc...@chromium.org): On Fri, Apr 22, 2016 at 10:26 AM,

Re: [PATCH 1/1] simplified security.nscapability xattr

On 05/02/2016 05:54 AM, Serge E. Hallyn wrote: > On Tue, Apr 26, 2016 at 03:39:54PM -0700, Kees Cook wrote: >> On Tue, Apr 26, 2016 at 3:26 PM, Serge E. Hallyn wrote: >>> Quoting Kees Cook (keesc...@chromium.org): On Fri, Apr 22, 2016 at 10:26 AM, wrote: > From: Serge Hallyn > ...

Re: [PATCH 1/1] simplified security.nscapability xattr

On Tue, Apr 26, 2016 at 03:39:54PM -0700, Kees Cook wrote: > On Tue, Apr 26, 2016 at 3:26 PM, Serge E. Hallyn wrote: > > Quoting Kees Cook (keesc...@chromium.org): > >> On Fri, Apr 22, 2016 at 10:26 AM, wrote: > >> > From: Serge Hallyn

Re: [PATCH 1/1] simplified security.nscapability xattr

On Tue, Apr 26, 2016 at 03:39:54PM -0700, Kees Cook wrote: > On Tue, Apr 26, 2016 at 3:26 PM, Serge E. Hallyn wrote: > > Quoting Kees Cook (keesc...@chromium.org): > >> On Fri, Apr 22, 2016 at 10:26 AM, wrote: > >> > From: Serge Hallyn ... > >> This looks like userspace must knowingly be aware

Re: [PATCH 1/1] simplified security.nscapability xattr

On Tue, Apr 26, 2016 at 03:39:54PM -0700, Kees Cook wrote: > On Tue, Apr 26, 2016 at 3:26 PM, Serge E. Hallyn wrote: > > Quoting Kees Cook (keesc...@chromium.org): > >> On Fri, Apr 22, 2016 at 10:26 AM, wrote: > >> > From: Serge Hallyn

Re: [PATCH 1/1] simplified security.nscapability xattr

On Tue, Apr 26, 2016 at 03:39:54PM -0700, Kees Cook wrote: > On Tue, Apr 26, 2016 at 3:26 PM, Serge E. Hallyn wrote: > > Quoting Kees Cook (keesc...@chromium.org): > >> On Fri, Apr 22, 2016 at 10:26 AM, wrote: > >> > From: Serge Hallyn > >> > > >> > This can only be set by root in his own

Re: [PATCH 1/1] simplified security.nscapability xattr

Quoting Kees Cook (keesc...@chromium.org): > On Tue, Apr 26, 2016 at 3:26 PM, Serge E. Hallyn wrote: > > Quoting Kees Cook (keesc...@chromium.org): > >> On Fri, Apr 22, 2016 at 10:26 AM, wrote: > >> > From: Serge Hallyn > >> >

Re: [PATCH 1/1] simplified security.nscapability xattr

Quoting Kees Cook (keesc...@chromium.org): > On Tue, Apr 26, 2016 at 3:26 PM, Serge E. Hallyn wrote: > > Quoting Kees Cook (keesc...@chromium.org): > >> On Fri, Apr 22, 2016 at 10:26 AM, wrote: > >> > From: Serge Hallyn > >> > > >> > This can only be set by root in his own namespace, and will

Re: [PATCH 1/1] simplified security.nscapability xattr

On Tue, Apr 26, 2016 at 3:26 PM, Serge E. Hallyn wrote: > Quoting Kees Cook (keesc...@chromium.org): >> On Fri, Apr 22, 2016 at 10:26 AM, wrote: >> > From: Serge Hallyn >> > >> > This can only be set by root in his own

Re: [PATCH 1/1] simplified security.nscapability xattr

On Tue, Apr 26, 2016 at 3:26 PM, Serge E. Hallyn wrote: > Quoting Kees Cook (keesc...@chromium.org): >> On Fri, Apr 22, 2016 at 10:26 AM, wrote: >> > From: Serge Hallyn >> > >> > This can only be set by root in his own namespace, and will >> > only be respected by namespaces with that same

Re: [PATCH 1/1] simplified security.nscapability xattr

Quoting Kees Cook (keesc...@chromium.org): > On Fri, Apr 22, 2016 at 10:26 AM, wrote: > > From: Serge Hallyn > > > > This can only be set by root in his own namespace, and will > > only be respected by namespaces with that same root kuid > >

Re: [PATCH 1/1] simplified security.nscapability xattr

Quoting Kees Cook (keesc...@chromium.org): > On Fri, Apr 22, 2016 at 10:26 AM, wrote: > > From: Serge Hallyn > > > > This can only be set by root in his own namespace, and will > > only be respected by namespaces with that same root kuid > > mapped as root, or namespaces descended from it. > >

Re: [PATCH 1/1] simplified security.nscapability xattr

On Fri, Apr 22, 2016 at 10:26 AM, wrote: > From: Serge Hallyn > > This can only be set by root in his own namespace, and will > only be respected by namespaces with that same root kuid > mapped as root, or namespaces descended from it. > > This

Re: [PATCH 1/1] simplified security.nscapability xattr

On Fri, Apr 22, 2016 at 10:26 AM, wrote: > From: Serge Hallyn > > This can only be set by root in his own namespace, and will > only be respected by namespaces with that same root kuid > mapped as root, or namespaces descended from it. > > This allows a simple setxattr to work, allows tar/untar

Re: [PATCH 1/1] simplified security.nscapability xattr

On Fri, Apr 22, 2016 at 12:26:33PM -0500, serge.hal...@ubuntu.com wrote: > From: Serge Hallyn > > This can only be set by root in his own namespace, and will > only be respected by namespaces with that same root kuid > mapped as root, or namespaces descended from it. >

Re: [PATCH 1/1] simplified security.nscapability xattr

On Fri, Apr 22, 2016 at 12:26:33PM -0500, serge.hal...@ubuntu.com wrote: > From: Serge Hallyn > > This can only be set by root in his own namespace, and will > only be respected by namespaces with that same root kuid > mapped as root, or namespaces descended from it. > > This allows a simple