Re: [PATCH v2] security: Yama LSM

From: Andi Kleen
Date: Wed Jun 23 2010 - 07:43:54 EST

Next message: Jani Nikula: "Re: gpiolib and sleeping gpios"
Previous message: Frederic Weisbecker: "Re: [PATCH 12/40] x86, compat: convert ia32 layer to use"
In reply to: Kees Cook: "[PATCH v2] security: Yama LSM"
Next in thread: Kees Cook: "Re: [PATCH v2] security: Yama LSM"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Kees Cook <kees.cook@xxxxxxxxxxxxx> writes:
> +
> +config SECURITY_YAMA_SYMLINKS
> + bool "Yama: protect symlink following in sticky world-writable
> dirs"

IMHO it's bad style to have CONFIGs that just set defaults,
if that can be done at runtime too. Especially as in your case if it's
a lot of settings. Is it that bad to have a init script and drop these
CONFIGs?

However the help texts are useful, these should be in the sysctl
documentatin in Documentation instead.

> + if (rc) {
> + printk_ratelimited(KERN_INFO "ptrace of non-child"
> + " pid %d was attempted by: %s (pid %d)\n",
> + child->pid, get_task_comm(name, current),
> + current->pid);

It's probably obscure and other kernel code has this too, but at some point
there were attacks to use terminal ESC sequences to attack root's
terminal when they dmesg. Couldn't that be done through "comm" here?

At least the other code who has this problem doesn't claim to enhance
security :)

-Andi

--
ak@xxxxxxxxxxxxxxx -- Speaking for myself only.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Jani Nikula: "Re: gpiolib and sleeping gpios"
Previous message: Frederic Weisbecker: "Re: [PATCH 12/40] x86, compat: convert ia32 layer to use"
In reply to: Kees Cook: "[PATCH v2] security: Yama LSM"
Next in thread: Kees Cook: "Re: [PATCH v2] security: Yama LSM"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]