On Fri, Jul 10, 2015 at 8:36 PM, Casey Schaufler wrote:
> On some systems the uid is being used as an application identifier
> instead of a human identifier. The access controls are not designed
> for this. The POSIX capabilities aren't designed for this. If Fred
> creates a program that is setuid
On Fri, Jul 10, 2015 at 03:43:08PM +0200, David Herrmann wrote:
> We need binary compatibility to dbus1. There're millions of
> applications and language bindings with dbus1 compiled in, which we
> cannot suddenly break.
But they can keep using the existing userspace dbus1, and move over
to an in-
On Fri, Jul 10, 2015 at 10:47:32AM -0400, Stephen Smalley wrote:
> On 07/10/2015 09:43 AM, David Herrmann wrote:
> > Hi
> >
> > On Fri, Jul 10, 2015 at 3:25 PM, Stephen Smalley wrote:
> >> On 07/09/2015 06:22 PM, David Herrmann wrote:
> >>> To be clear, faking metadata has one use-case, and one u
Am 10.07.2015 um 20:36 schrieb Casey Schaufler:
> On 7/10/2015 11:02 AM, Richard Weinberger wrote:
>> On Fri, Jul 10, 2015 at 7:16 PM, Casey Schaufler
>> wrote:
>>> On 7/10/2015 9:26 AM, David Herrmann wrote:
Hi
On Fri, Jul 10, 2015 at 5:59 PM, Casey Schaufler
wrote:
[.
On 7/10/2015 11:02 AM, Richard Weinberger wrote:
> On Fri, Jul 10, 2015 at 7:16 PM, Casey Schaufler
> wrote:
>> On 7/10/2015 9:26 AM, David Herrmann wrote:
>>> Hi
>>>
>>> On Fri, Jul 10, 2015 at 5:59 PM, Casey Schaufler
>>> wrote:
>>> [...]
There are so many ways uids are be
On 07/10/2015 12:48 PM, David Herrmann wrote:
> Hi
>
> On Fri, Jul 10, 2015 at 4:47 PM, Stephen Smalley wrote:
>> On 07/10/2015 09:43 AM, David Herrmann wrote:
>>> On Fri, Jul 10, 2015 at 3:25 PM, Stephen Smalley wrote:
On 07/09/2015 06:22 PM, David Herrmann wrote:
> With dbus1, clients
On Fri, Jul 10, 2015 at 7:16 PM, Casey Schaufler wrote:
> On 7/10/2015 9:26 AM, David Herrmann wrote:
>> Hi
>>
>> On Fri, Jul 10, 2015 at 5:59 PM, Casey Schaufler
>> wrote:
>> [...]
>>>There are so many ways uids are being (miss/ab)used
>>> on Linux systems these days that the id
On 7/10/2015 9:30 AM, Alex Elsayed wrote:
> Casey Schaufler wrote:
>
>> On 7/10/2015 7:57 AM, Alex Elsayed wrote:
>>> Stephen Smalley wrote:
>>>
On 07/10/2015 09:43 AM, David Herrmann wrote:
> Hi
>
> On Fri, Jul 10, 2015 at 3:25 PM, Stephen Smalley
> wrote:
>> On 07/09/201
On 7/10/2015 9:26 AM, David Herrmann wrote:
> Hi
>
> On Fri, Jul 10, 2015 at 5:59 PM, Casey Schaufler
> wrote:
> [...]
>>There are so many ways uids are being (miss/ab)used
>> on Linux systems these days that the idea of trusting a bus just
>> because its non-root uid is listed in
Hi
On Fri, Jul 10, 2015 at 4:47 PM, Stephen Smalley wrote:
> On 07/10/2015 09:43 AM, David Herrmann wrote:
>> On Fri, Jul 10, 2015 at 3:25 PM, Stephen Smalley wrote:
>>> On 07/09/2015 06:22 PM, David Herrmann wrote:
With dbus1, clients can ask the dbus-daemon for the seclabel of a peer
Casey Schaufler wrote:
> On 7/10/2015 7:57 AM, Alex Elsayed wrote:
>> Stephen Smalley wrote:
>>
>>> On 07/10/2015 09:43 AM, David Herrmann wrote:
Hi
On Fri, Jul 10, 2015 at 3:25 PM, Stephen Smalley
wrote:
> On 07/09/2015 06:22 PM, David Herrmann wrote:
>> To be clear,
Hi
On Fri, Jul 10, 2015 at 5:59 PM, Casey Schaufler wrote:
[...]
>There are so many ways uids are being (miss/ab)used
> on Linux systems these days that the idea of trusting a bus just
> because its non-root uid is listed in a table somewhere (or worse,
> coded in an API) is askin
On 7/10/2015 7:57 AM, Alex Elsayed wrote:
> Stephen Smalley wrote:
>
>> On 07/10/2015 09:43 AM, David Herrmann wrote:
>>> Hi
>>>
>>> On Fri, Jul 10, 2015 at 3:25 PM, Stephen Smalley
>>> wrote:
On 07/09/2015 06:22 PM, David Herrmann wrote:
> To be clear, faking metadata has one use-case, a
On 7/10/2015 6:43 AM, David Herrmann wrote:
> Hi
>
> On Fri, Jul 10, 2015 at 3:25 PM, Stephen Smalley wrote:
>> On 07/09/2015 06:22 PM, David Herrmann wrote:
>>> To be clear, faking metadata has one use-case, and one use-case only:
>>> dbus1 compatibility
>>>
>>> In dbus1, clients connect to a uni
Stephen Smalley wrote:
> On 07/10/2015 09:43 AM, David Herrmann wrote:
>> Hi
>>
>> On Fri, Jul 10, 2015 at 3:25 PM, Stephen Smalley
>> wrote:
>>> On 07/09/2015 06:22 PM, David Herrmann wrote:
To be clear, faking metadata has one use-case, and one use-case only:
dbus1 compatibility
On 07/10/2015 09:43 AM, David Herrmann wrote:
> Hi
>
> On Fri, Jul 10, 2015 at 3:25 PM, Stephen Smalley wrote:
>> On 07/09/2015 06:22 PM, David Herrmann wrote:
>>> To be clear, faking metadata has one use-case, and one use-case only:
>>> dbus1 compatibility
>>>
>>> In dbus1, clients connect to a
Am Freitag, 10. Juli 2015, 16:20:44 schrieb Martin Steigerwald:
> Am Freitag, 10. Juli 2015, 15:43:08 schrieb David Herrmann:
> > Hi
>
> Hi,
>
> > On Fri, Jul 10, 2015 at 3:25 PM, Stephen Smalley
> >
> > wrote:
> > > On 07/09/2015 06:22 PM, David Herrmann wrote:
> > >> To be clear, faking meta
Am Freitag, 10. Juli 2015, 15:43:08 schrieb David Herrmann:
> Hi
Hi,
> On Fri, Jul 10, 2015 at 3:25 PM, Stephen Smalley
> wrote:
> > On 07/09/2015 06:22 PM, David Herrmann wrote:
> >> To be clear, faking metadata has one use-case, and one use-case only:
> >> dbus1 compatibility
> >>
> >> In db
Hi
On Fri, Jul 10, 2015 at 3:25 PM, Stephen Smalley wrote:
> On 07/09/2015 06:22 PM, David Herrmann wrote:
>> To be clear, faking metadata has one use-case, and one use-case only:
>> dbus1 compatibility
>>
>> In dbus1, clients connect to a unix-socket placed in the file-system
>> hierarchy. To av
On 07/10/2015 05:05 AM, David Herrmann wrote:
> Hi
>
> On Fri, Jul 10, 2015 at 12:56 AM, Casey Schaufler
> wrote:
>> On 7/9/2015 3:22 PM, David Herrmann wrote:
>>> Regarding requiring CAP_SYS_ADMIN, I don't really see the point. In
>>> the kdbus security model, if you don't trust the bus-creator,
On 07/09/2015 06:22 PM, David Herrmann wrote:
> Hi
>
> On Thu, Jul 9, 2015 at 8:26 PM, Stephen Smalley wrote:
>> Hi,
>>
>> I have a concern with the support for faked credentials in kdbus, but
>> don't know enough about the original motivation or intended use case to
>> evaluate it concretely. I
Hi
On Fri, Jul 10, 2015 at 12:56 AM, Casey Schaufler
wrote:
> On 7/9/2015 3:22 PM, David Herrmann wrote:
>> Regarding requiring CAP_SYS_ADMIN, I don't really see the point. In
>> the kdbus security model, if you don't trust the bus-creator, you
>> should not connect to the bus.
>
> That's fine in
On 7/9/2015 3:22 PM, David Herrmann wrote:
> Hi
>
> On Thu, Jul 9, 2015 at 8:26 PM, Stephen Smalley wrote:
>> Hi,
>>
>> I have a concern with the support for faked credentials in kdbus, but
>> don't know enough about the original motivation or intended use case to
>> evaluate it concretely. I rai
Hi
On Thu, Jul 9, 2015 at 8:26 PM, Stephen Smalley wrote:
> Hi,
>
> I have a concern with the support for faked credentials in kdbus, but
> don't know enough about the original motivation or intended use case to
> evaluate it concretely. I raised this issue during the "kdbus for
> 4.1-rc1" threa
Hi,
I have a concern with the support for faked credentials in kdbus, but
don't know enough about the original motivation or intended use case to
evaluate it concretely. I raised this issue during the "kdbus for
4.1-rc1" thread a while back but none of the kdbus maintainers
responded, and the one
25 matches
Mail list logo