Re: [PATCH] per-process securebits

2008-02-05 Thread Serge E. Hallyn
Quoting Andrew G. Morgan ([EMAIL PROTECTED]): > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Here is the patch to add per-process securebits. > > It's all code that lives inside the capability LSM and the new securebits > implementation is only active if CONFIG_SECURITY_FILE_CAPABILITIES is >

Re: [PATCH] per-process securebits

2008-02-04 Thread Ismail Dönmez
At Monday 04 February 2008 around 18:45:24 Serge E. Hallyn wrote: > Quoting Andrew G. Morgan ([EMAIL PROTECTED]): > > -BEGIN PGP SIGNED MESSAGE- > > Hash: SHA1 > > > > Ismail Dönmez wrote: > > | What I meant to ask was what does "per-process securebits" brings as > > > > extra. > > > > It

Re: [PATCH] per-process securebits

2008-02-04 Thread Andrew Morton
On Mon, 4 Feb 2008 18:17:22 + Pavel Machek <[EMAIL PROTECTED]> wrote: > On Fri 2008-02-01 20:07:01, James Morris wrote: > > On Fri, 1 Feb 2008, Andrew Morton wrote: > > > > > Really? I'd feel a lot more comfortable if yesterday's version 1 had led > > > to a stream of comments from suitably-

Re: [PATCH] per-process securebits

2008-02-04 Thread Pavel Machek
On Fri 2008-02-01 20:07:01, James Morris wrote: > On Fri, 1 Feb 2008, Andrew Morton wrote: > > > Really? I'd feel a lot more comfortable if yesterday's version 1 had led > > to a stream of comments from suitably-knowledgeable kernel developers which > > indicated that those developers had scrutin

Re: [PATCH] per-process securebits

2008-02-04 Thread Serge E. Hallyn
Quoting Andrew G. Morgan ([EMAIL PROTECTED]): > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Ismail Dönmez wrote: > | What I meant to ask was what does "per-process securebits" brings as > extra. > > It allows you to create a legacy free process tree. For example, a > chroot, or container (

Re: [PATCH] per-process securebits

2008-02-03 Thread Andrew G. Morgan
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ismail Dönmez wrote: | What I meant to ask was what does "per-process securebits" brings as extra. It allows you to create a legacy free process tree. For example, a chroot, or container (which Serge can obviously explain in more detail), environment

Re: [PATCH] per-process securebits

2008-02-03 Thread Ismail Dönmez
At Monday 04 February 2008 around 02:49:29 Andrew G. Morgan wrote: > Another way to put this is that there needs to be some application code > and documentation available to guide the way... Adding such things to > the example programs in libcap2 helped me find the 24-rc2 CAP_SETPCAP > bug and unti

Re: [PATCH] per-process securebits

2008-02-03 Thread Andrew G. Morgan
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ismail Dönmez wrote: | At Sunday 03 February 2008 around 08:18:12 Andrew Morton wrote: |> So how do we ever get to the stage where we can recommend that distributors |> turn these things on, and have them agree with us? | | FWIW with my distributor hat on

Re: [PATCH] per-process securebits

2008-02-02 Thread Ismail Dönmez
At Sunday 03 February 2008 around 08:18:12 Andrew Morton wrote: > So how do we ever get to the stage where we can recommend that distributors > turn these things on, and have them agree with us? FWIW with my distributor hat on I think File system capabilities are very nice and enables one to ship

Re: [PATCH] per-process securebits

2008-02-02 Thread Andrew Morton
On Sat, 02 Feb 2008 22:01:51 -0800 "Andrew G. Morgan" <[EMAIL PROTECTED]> wrote: > Here is the very very long version (which took some time to write, and I > thought was a bit much to spam these lists with): > > http://userweb.kernel.org/~morgan/sendmail-capabilities-war-story.html Thanks. Imag

Re: [PATCH] per-process securebits

2008-02-02 Thread Andrew G. Morgan
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [EMAIL PROTECTED] wrote: | Quoting Andrew G. Morgan ([EMAIL PROTECTED]): |> -BEGIN PGP SIGNED MESSAGE- |> Hash: SHA1 |> |> Here is the patch to add per-process securebits. |> |> Its all code that lives inside the capability LSM and the new s

Re: [PATCH] per-process securebits

2008-02-02 Thread Andrew G. Morgan
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Andrew Morton wrote: | On Fri, 01 Feb 2008 00:11:37 -0800 "Andrew G. Morgan" <[EMAIL PROTECTED]> wrote: | |> [This patch represents a no-op unless CONFIG_SECURITY_FILE_CAPABILITIES |> is enabled at configure time.] | | Patches like this scare the pan

Re: [PATCH] per-process securebits

2008-02-01 Thread serge
Quoting Andrew G. Morgan ([EMAIL PROTECTED]): > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Here is the patch to add per-process securebits. > > It's all code that lives inside the capability LSM and the new securebits > implementation is only active if CONFIG_SECURITY_FILE_CAPABILITIES is >

Re: [PATCH] per-process securebits

2008-02-01 Thread James Morris
On Fri, 1 Feb 2008, Andrew Morton wrote: > Really? I'd feel a lot more comfortable if yesterday's version 1 had led > to a stream of comments from suitably-knowledgeable kernel developers which > indicated that those developers had scrutinised this code from every > conceivable angle and had decl

Re: [PATCH] per-process securebits

2008-02-01 Thread Andrew Morton
On Fri, 01 Feb 2008 00:11:37 -0800 "Andrew G. Morgan" <[EMAIL PROTECTED]> wrote: > [This patch represents a no-op unless CONFIG_SECURITY_FILE_CAPABILITIES > is enabled at configure time.] Patches like this scare the pants off me. I'd have to recommend that distributors not enable this feature (

[PATCH] per-process securebits

2008-02-01 Thread Andrew G. Morgan
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Here is the patch to add per-process securebits. It's all code that lives inside the capability LSM and the new securebits implementation is only active if CONFIG_SECURITY_FILE_CAPABILITIES is enabled (it doesn't make much sense to support this featur

Re: [PATCH] per-process securebits

2008-01-31 Thread Serge E. Hallyn
Quoting Andrew G. Morgan ([EMAIL PROTECTED]): > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Andrew, > > Just to be clear, I'm not sure I agree that I'm hiding anything! > > I've tried very hard to limit this functionality to only being enabled > if the still experimental LSM CONFIG_SECURITY

Re: [PATCH] per-process securebits

2008-01-31 Thread Serge E. Hallyn
Quoting Andrew G. Morgan ([EMAIL PROTECTED]): > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > - -long cap_prctl_drop(unsigned long cap) > +static long cap_prctl_drop(unsigned long cap) > ~ { > - - if (!capable(CAP_SETPCAP)) > + if (cap_capable(current, CAP_SETPCAP) != 0) > > | With this

Re: [PATCH] per-process securebits

2008-01-31 Thread Andrew G. Morgan
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Andrew, Just to be clear, I'm not sure I agree that I'm hiding anything! I've tried very hard to limit this functionality to only being enabled if the still experimental LSM CONFIG_SECURITY_FILE_CAPABILITIES is yes. I've also arranged for all of the

Re: [PATCH] per-process securebits

2008-01-31 Thread Andrew G. Morgan
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -long cap_prctl_drop(unsigned long cap) +static long cap_prctl_drop(unsigned long cap) ~ { - - if (!capable(CAP_SETPCAP)) + if (cap_capable(current, CAP_SETPCAP) != 0) | With this change, you | a) prevent PF_SUPERPRIV being set, al

Re: [PATCH] per-process securebits

2008-01-31 Thread Serge E. Hallyn
Quoting Andrew G. Morgan ([EMAIL PROTECTED]): > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Here is the patch adding per-process secure-bits. This patch was > generated over 2.6.24-rc8-mm1 + my privilege escalation bugfix. > > Cheers > > Andrew > > Ref: 6a63d67f37e50dd2031b3a050ebac1e64eae9

Re: [PATCH] per-process securebits

2008-01-30 Thread Andrew Morton
On Wed, 30 Jan 2008 23:02:30 -0800 "Andrew G. Morgan" <[EMAIL PROTECTED]> wrote: > With filesystem capabilities it is now possible to do away with > (set)uid-0 based privilege and use capabilities instead. > > Historically, this was first attempted with a kernel-global set of > securebits. That i

[PATCH] per-process securebits

2008-01-30 Thread Andrew G. Morgan
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Here is the patch adding per-process secure-bits. This patch was generated over 2.6.24-rc8-mm1 + my privilege escalation bugfix. Cheers Andrew Ref: 6a63d67f37e50dd2031b3a050ebac1e64eae916e -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.6 (GNU/Li

Re: [RFC PATCH] per-process securebits

2008-01-30 Thread Serge E. Hallyn
Quoting Andrew G. Morgan ([EMAIL PROTECTED]): > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > > > [EMAIL PROTECTED] wrote: > | Quoting Andrew G. Morgan ([EMAIL PROTECTED]): > | Here is my latest per-process secure-bits patch. > | > |> Hey Andrew, > | > |> looks really good. Two comments inli

Re: [RFC PATCH] per-process securebits

2008-01-29 Thread Andrew G. Morgan
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [EMAIL PROTECTED] wrote: | Quoting Andrew G. Morgan ([EMAIL PROTECTED]): | Here is my latest per-process secure-bits patch. | |> Hey Andrew, | |> looks really good. Two comments inline. Thanks for the review! - - unsigned keep_capabilities:1;

Re: [RFC PATCH] per-process securebits

2008-01-27 Thread serge
Quoting Andrew G. Morgan ([EMAIL PROTECTED]): > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Here is my latest per-process secure-bits patch. Hey Andrew, looks really good. Two comments inline. > Cheers > > Andrew > -BEGIN PGP SIGNATURE- > Version: GnuPG v1.2.6 (GNU/Linux) > > iD

Re: [RFC PATCH] per-process securebits

2008-01-25 Thread Serge E. Hallyn
Quoting Andrew G. Morgan ([EMAIL PROTECTED]): > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Here is my latest per-process secure-bits patch. Thanks Andrew, I'll check this out tonight or this weekend. -serge > > Cheers > > Andrew > -BEGIN PGP SIGNATURE- > Version: GnuPG v1.2.6 (G

[RFC PATCH] per-process securebits

2008-01-25 Thread Andrew G. Morgan
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Here is my latest per-process secure-bits patch. Cheers Andrew -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.6 (GNU/Linux) iD8DBQFHmg44+bHCR3gb8jsRAqPoAJ9IrlrQLKNcw8c4T0pgCmn/Lcng7wCfYjVI Tu1ufhQCjaMjuUizjJuMvrM= =NiGN -END PGP SIGNATURE---