From: Andrew Morgan (morgan_at_transmeta.com)
Date: Tue 13 Jan 2004 - 01:33:02 GMT

Linas Vepstas wrote:
> On Tue, Nov 11, 2003 at 02:46:52PM -0800, Andrew Morgan was heard to remark:
>>This is the most recent incarnation of the full capability support.
>>The big picture thing is that we put capabilities into the 'official'
>>kernel before having filesystem support for them. What resulted was a
>>free-for-all of 'cool' hacks that really messed up the underlying
>>security model.
>>In the filesystem based model, you grant 'available' capabilities based
>>on how the inode of the program interacts with the 'exec'ing process. In
>>the implemented hacked-kernel code, you give a privileged process
>>everything so you can be legacy compatible with setuid-0 programs.
>>The problems you discuss above result. There are some more hacks based
>>on bounding sets and the default inheritable set that you can get init
>>to initiate before it starts fork()ing children, but they are hacks, and
>>as such are likely to have problems of their own: not least that
>>programs are designed to assume that 'if I am root, setuid() will always
>>work so I won't bother checking all the [fr]uid values do what I
>>expect', and witness an exploit for things like sendmail of two years ago.
>>The code discussed here:
>>got the whole thing basically right - even legacy support. Modulo bugs
>>(obviously) and further development that never happened (obviously).
> OK,
> I see that the latest patch is mostly about associating capability bits with
> file-system attrs. It's against kernel 2.4.3 and appears not to be
> in marcello-2.4.22. What happened? Linus not like it? Never formally
> submitted to him (because the patch was too green)? Somebody told you
> to use the LSM framework, and never got around to it? selinux and/or rsbac
> provide a better security model ?

All of the above happened.

But the important part was that I got way too busy with my paying job
and growing family, and stopped working on it. [Witness, I filter all of
my mail into work/not-work and it took 2 months for me to read this one..!]
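The quoted paragraph above contrasts the file-system capability model (the program's inode sets combined with the exec'ing process's sets) with the legacy path that hands a UID 0 process everything, and mentions the bounding-set and default-inheritable-set workarounds init can apply. The C program below is an added illustration, not code from the patch or from anyone in this thread: it models the exec-time transition as documented in capabilities(7), leaving out the ambient set added in Linux 4.3, and treats the bounding set as a per-process field (in 2.4 it was a single system-wide cap_bset). Capability bit numbers follow <linux/capability.h>; the struct names and the two scenario functions are the example's own.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Added example: exec-time capability transition per capabilities(7),
 * without the ambient set. This is not the code from the patch discussed
 * in the thread. */
typedef uint64_t capset_t;                 /* one bit per capability */

#define CAP_BIT(n)           ((capset_t)1 << (n))
#define CAP_NONE             ((capset_t)0)
#define CAP_ALL              (~(capset_t)0)
#define CAP_SETUID           CAP_BIT(7)    /* numbers from <linux/capability.h> */
#define CAP_NET_BIND_SERVICE CAP_BIT(10)
#define CAP_SYS_ADMIN        CAP_BIT(21)

struct proc_caps {                         /* sets of the exec'ing process */
    capset_t permitted, inheritable, effective, bounding;
};

struct file_caps {                         /* sets carried by the program's inode */
    capset_t permitted, inheritable;
    bool     effective;                    /* a single bit in the file model */
};

/* Legacy root handling. Unless SECURE_NOROOT is set, a process whose real
 * or effective UID is 0 is treated as if the file carried every capability
 * in its permitted and inheritable sets, and the file's effective bit is
 * taken as set when the effective UID is 0. This is the "give a privileged
 * process everything" compatibility path for setuid-0 programs. */
static struct file_caps legacy_root_adjust(struct file_caps f, unsigned ruid,
                                           unsigned euid, bool secure_noroot)
{
    if (!secure_noroot && (ruid == 0 || euid == 0)) {
        f.permitted   = CAP_ALL;
        f.inheritable = CAP_ALL;
        f.effective   = (euid == 0);
    }
    return f;
}

/* P'(permitted)   = (P(inheritable) & F(inheritable)) | (F(permitted) & P(bounding))
 * P'(effective)   = F(effective) ? P'(permitted) : 0
 * P'(inheritable) = P(inheritable)
 * P'(bounding)    = P(bounding)  (per-process since 2.6.25; global cap_bset in 2.4) */
struct proc_caps cap_exec(struct proc_caps p, struct file_caps f, unsigned ruid,
                          unsigned euid, bool secure_noroot)
{
    struct proc_caps n;
    f = legacy_root_adjust(f, ruid, euid, secure_noroot);
    n.permitted   = (p.inheritable & f.inheritable) | (f.permitted & p.bounding);
    n.effective   = f.effective ? n.permitted : CAP_NONE;
    n.inheritable = p.inheritable;
    n.bounding    = p.bounding;
    return n;
}

/* Scenario 1 (hypothetical): an unprivileged process runs a binary whose
 * inode grants CAP_NET_BIND_SERVICE with the effective bit set. */
struct proc_caps scenario_unpriv_bind(capset_t bounding)
{
    struct proc_caps p = { CAP_NONE, CAP_NONE, CAP_NONE, bounding };
    struct file_caps f = { CAP_NET_BIND_SERVICE, CAP_NONE, true };
    return cap_exec(p, f, 1000, 1000, false);
}

/* Scenario 2 (hypothetical): root runs a plain binary with no file
 * capabilities. Only the bounding set, the workaround init can apply before
 * it starts forking, limits what the new image receives. */
struct proc_caps scenario_root_plain(capset_t bounding, bool secure_noroot)
{
    struct proc_caps p = { CAP_ALL, CAP_NONE, CAP_ALL, bounding };
    struct file_caps f = { CAP_NONE, CAP_NONE, false };
    return cap_exec(p, f, 0, 0, secure_noroot);
}

static void show(const char *what, struct proc_caps c)
{
    printf("%-42s permitted=%016llx effective=%016llx\n", what,
           (unsigned long long)c.permitted, (unsigned long long)c.effective);
}

int main(void)
{
    show("unpriv, file caps, full bounding", scenario_unpriv_bind(CAP_ALL));
    show("unpriv, file caps, bind dropped from bset",
         scenario_unpriv_bind(CAP_ALL & ~CAP_NET_BIND_SERVICE));
    show("root, plain binary", scenario_root_plain(CAP_ALL, false));
    show("root, SYS_ADMIN dropped from bset",
         scenario_root_plain(CAP_ALL & ~CAP_SYS_ADMIN, false));
    show("root, SECURE_NOROOT set", scenario_root_plain(CAP_ALL, true));
    return 0;
}
```

The two root scenarios show the point of the complaint: with a plain binary and no bounding-set restriction, a UID 0 exec'er ends up with every capability regardless of what the inode says, and trimming the bounding set only removes bits that were not already in the process's inheritable set. Only with SECURE_NOROOT does the file's own (empty) sets decide the outcome.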



