On Tue, 10 Nov 2015, Theodore Ts'o wrote:
> If you want to create a patch, my recommendation would be to do one
> that turns off ambient capabilities as a CONFIG option, and hide it
> under CONFIG_EXPERT. Or maybe adding a new securebit which disables
> ambient capabilities. Whether or not that
On Tue, Nov 10, 2015 at 12:55:27PM +0100, Klaus Ethgen wrote:
> > You can tell other people that they write privileged programs in the
> > wrong programming language if you like.
>
> Hey, it is not about programming languages. I never said something in
> that direction!
>
> I brought python progr
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi Andy,
On Tue, 10 Nov 2015 at 1:06, Andy Lutomirski wrote:
> > So, answered that I get very frustrated. We talk about details that have
> > nothing to do with the main problem. The main problem is that there is
> > no way to disable ambient c
On Nov 9, 2015 1:29 PM, "Klaus Ethgen" wrote:
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> On Mon, 9 Nov 2015 at 20:02, Austin S Hemmelgarn wrote:
> > >>>Having some scripts in the process is definitively a nightmare to
> > >>>control. That should be prevented wherever possible.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Mon, 9 Nov 2015 at 20:02, Austin S Hemmelgarn wrote:
> >>>Having some scripts in the process is definitively a nightmare to
> >>>control. That should be prevented wherever possible. And usually it is
> >>>as the scripts might be used for comp
On 2015-11-09 12:23, Klaus Ethgen wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Mon, 9 Nov 2015 at 17:28, Austin S Hemmelgarn wrote:
Having some scripts in the process is definitively a nightmare to
control. That should be prevented wherever possible. And usually it is
as the s
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Mon, 9 Nov 2015 at 17:28, Austin S Hemmelgarn wrote:
> >Having some scripts in the process is definitively a nightmare to
> >control. That should be prevented wherever possible. And usually it is
> >as the scripts might be used for computing
On 2015-11-07 06:02, Klaus Ethgen wrote:
On Fri, 6 Nov 2015 at 19:18, Serge E. Hallyn wrote:
A piece of system configuration software needs to do some
networking setup with some privilege, including calling scripts. It can
either do so as root or not at all - polluting every program that w
On Sat, Nov 07, 2015 at 12:02:47PM +0100, Klaus Ethgen wrote:
> Hi Guys,
>
> On Fri, 6 Nov 2015 at 19:18, Serge E. Hallyn wrote:
> > I would have been happy if there had been a default-off PR_ENABLE_AMBIENT
> > prctl which required a new CAP_ENABLE_AMBIENT capability to turn on, but
> > the c
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi Guys,
On Fri, 6 Nov 2015 at 19:18, Serge E. Hallyn wrote:
> On Fri, Nov 06, 2015 at 06:56:20PM +0100, Klaus Ethgen wrote:
> > On Fri, 6 Nov 2015 at 16:53, Theodore Ts'o wrote:
> > > In the light of that, using things like ambient capabi
On Fri, Nov 06, 2015 at 06:56:20PM +0100, Klaus Ethgen wrote:
> On Fri, 6 Nov 2015 at 16:53, Theodore Ts'o wrote:
> > In the light of that, using things like ambient capabilities, or using
> > setuid binary that immediately drops all caps that it needs, is
> > probably the best we're going to
On Fri, Nov 06, 2015 at 09:51:15AM -0800, Casey Schaufler wrote:
> On 11/6/2015 7:53 AM, Theodore Ts'o wrote:
> > On Fri, Nov 06, 2015 at 02:58:36PM +0100, Klaus Ethgen wrote:
> >> But that left out completely the, I think more important, usecase of
> >> _removing_ SUID completely and _replacing_ i
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Fri, 6 Nov 2015 at 16:53, Theodore Ts'o wrote:
> On Fri, Nov 06, 2015 at 02:58:36PM +0100, Klaus Ethgen wrote:
> > But that left out completely the, I think more important, usecase of
> > _removing_ SUID completely and _replacing_ it with ver
On 11/6/2015 7:53 AM, Theodore Ts'o wrote:
> On Fri, Nov 06, 2015 at 02:58:36PM +0100, Klaus Ethgen wrote:
>> But that left out completely the, I think more important, usecase of
>> _removing_ SUID completely and _replacing_ it with very tight capability
>> setting. And that is what I always talked
On Fri, Nov 6, 2015 at 7:53 AM, Theodore Ts'o wrote:
> On Fri, Nov 06, 2015 at 02:58:36PM +0100, Klaus Ethgen wrote:
>> But that left out completely the, I think more important, usecase of
>> _removing_ SUID completely and _replacing_ it with very tight capability
>> setting. And that is what I al
On Fri, Nov 06, 2015 at 02:58:36PM +0100, Klaus Ethgen wrote:
> But that left out completely the, I think more important, usecase of
> _removing_ SUID completely and _replacing_ it with very tight capability
> setting. And that is what I always talked about.
I don't believe this is ever going to b
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi,
On Thu, 5 Nov 2015 at 23:08, Serge E. Hallyn wrote:
> On Thu, Nov 05, 2015 at 11:01:07AM -0800, Andy Lutomirski wrote:
> > On Thu, Nov 5, 2015 at 9:48 AM, Klaus Ethgen wrote:
> > > -BEGIN PGP SIGNED MESSAGE-
> > > Hash: SHA512
> >
On Thu, Nov 05, 2015 at 11:01:07AM -0800, Andy Lutomirski wrote:
> On Thu, Nov 5, 2015 at 9:48 AM, Klaus Ethgen wrote:
> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA512
> >
> > On Thu, 5 Nov 2015 at 18:34, Serge E. Hallyn wrote:
> >> > On Thu, 5 Nov 2015 at 17:15, Serge E. Ha
On Thu, Nov 5, 2015 at 9:48 AM, Klaus Ethgen wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> On Thu, 5 Nov 2015 at 18:34, Serge E. Hallyn wrote:
>> > On Thu, 5 Nov 2015 at 17:15, Serge E. Hallyn wrote:
>> > > I think if you follow your idea to its logical conclusions, you
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Thu, 5 Nov 2015 at 18:34, Serge E. Hallyn wrote:
> > On Thu, 5 Nov 2015 at 17:15, Serge E. Hallyn wrote:
> > > I think if you follow your idea to its logical conclusions, you end
> > > up wanting set SECURE_ALL_BITS | SECURE_ALL_LOCKS, w
On Thu, Nov 05, 2015 at 06:17:01PM +0100, Klaus Ethgen wrote:
> Hi Serge,
>
> On Thu, 5 Nov 2015 at 17:15, Serge E. Hallyn wrote:
> > I think if you follow your idea to its logical conclusions, you end
> > up wanting set SECURE_ALL_BITS | SECURE_ALL_LOCKS, which will include
> > SECURE_NO_CAP
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi,
On Thu, 5 Nov 2015 at 17:19, Andy Lutomirski wrote:
> > With the present way, that was no problem (for OSS). You take away the
> > SUID, set the capabilities and if the tool complains about not being
> > root, look into the code and remove
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi Serge,
On Thu, 5 Nov 2015 at 17:15, Serge E. Hallyn wrote:
> I think if you follow your idea to its logical conclusions, you end
> up wanting set SECURE_ALL_BITS | SECURE_ALL_LOCKS, which will include
> SECURE_NO_CAP_AMBIENT_RAISE, disabling
On Thu, Nov 5, 2015 at 2:19 AM, Klaus Ethgen wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> Hi,
>
> sorry for the delay.
>
> On Mon, 2 Nov 2015 at 20:45, Andy Lutomirski wrote:
>> > Well, the thing that changed is that the ambient capabilities can be set
>> > by any process if
On Thu, Nov 05, 2015 at 11:19:54AM +0100, Klaus Ethgen wrote:
> Hi,
>
> sorry for the delay.
>
> On Mon, 2 Nov 2015 at 20:45, Andy Lutomirski wrote:
> > > Well, the thing that changed is that the ambient capabilities can be set
> > > by any process if the pI and pE are matching for a process
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi,
sorry for the delay.
On Mon, 2 Nov 2015 at 20:45, Andy Lutomirski wrote:
> > Well, the thing that changed is that the ambient capabilities can be set
> > by any process if the pI and pE are matching for a process. But then,
> > that capabi
On Mon, Nov 2, 2015 at 11:16 AM, Klaus Ethgen wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> Hi,
>
> On Mon, 2 Nov 2015 at 19:50, Andy Lutomirski wrote:
>> >> I read recently about patch 58319057b7847667f0c9585b9de0e8932b0fdb08
>> >> which made it into kernel 4.3 recently. And
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi,
On Mon, 2 Nov 2015 at 19:50, Andy Lutomirski wrote:
> >> I read recently about patch 58319057b7847667f0c9585b9de0e8932b0fdb08
> >> which made it into kernel 4.3 recently. And I have to say that I was
> >> shocked on how could such a patch t
On Mon, Nov 2, 2015 at 10:38 AM, Richard Weinberger wrote:
>>
>> With the patch above, any process that is spawned by such a program will
>> inherit the raised capabilities if it has no own filecapabilities set.
Do you actually have a real example of this?
The ambient capabilities stay empty unl
On Mon, Nov 2, 2015 at 10:38 AM, Richard Weinberger wrote:
> CC'ing patch authors.
>
> On Mon, Nov 2, 2015 at 7:06 PM, Klaus Ethgen wrote:
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA512
>>
>> Hi,
>>
>> I read recently about patch 58319057b7847667f0c9585b9de0e8932b0fdb08
>> which made it in
CC'ing patch authors.
On Mon, Nov 2, 2015 at 7:06 PM, Klaus Ethgen wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> Hi,
>
> I read recently about patch 58319057b7847667f0c9585b9de0e8932b0fdb08
> which made it into kernel 4.3 recently. And I have to say that I was
> shocked on how co