Re: [KERNEL] Re: [KERNEL] Re: [KERNEL] Re: Kernel 4.3 breaks security in systems using capabilities

From: Christoph Lameter
Date: Tue Nov 10 2015 - 10:25:49 EST


On Tue, 10 Nov 2015, Theodore Ts'o wrote:

> If you want to create a patch, my recommendation would be to do one
> that turns off ambient capabilities as a CONFIG option, and hide it
> under CONFIG_EXPERT. Or maybe adding a new securebit which disables
> ambient capabilities. Whether or not that will be acceptable
> upstream, I don't know, mainly because I think a strong case can be

That is already available and was submitted with the patch.

commit 746bf6d64275be0c65b0631d8a72b16f1454cfa1
Author: Andy Lutomirski <luto@xxxxxxxxxx>
Date: Fri Sep 4 15:42:51 2015 -0700

capabilities: add a securebit to disable PR_CAP_AMBIENT_RAISE

Per Andrew Morgan's request, add a securebit to allow admins to disable
PR_CAP_AMBIENT_RAISE. This securebit will prevent processes from adding
capabilities to their ambient set.

For simplicity, this disables PR_CAP_AMBIENT_RAISE entirely rather than
just disabling setting previously cleared bits.

Signed-off-by: Andy Lutomirski <luto@xxxxxxxxxx>
Acked-by: Andrew G. Morgan <morgan@xxxxxxxxxx>
Acked-by: Serge Hallyn <serge.hallyn@xxxxxxxxxxxxx>
Cc: Kees Cook <keescook@xxxxxxxxxxxx>
Cc: Christoph Lameter <cl@xxxxxxxxx>
Cc: Serge Hallyn <serge.hallyn@xxxxxxxxxxxxx>
Cc: Jonathan Corbet <corbet@xxxxxxx>
Cc: Aaron Jones <aaronmdjones@xxxxxxxxx>
Cc: Ted Ts'o <tytso@xxxxxxx>
Cc: Andrew G. Morgan <morgan@xxxxxxxxxx>
Cc: Mimi Zohar <zohar@xxxxxxxxxxxxxxxxxx>
Cc: Austin S Hemmelgarn <ahferroin7@xxxxxxxxx>
Cc: Markku Savela <msa@xxxxxxxxxxx>
Cc: Jarkko Sakkinen <jarkko.sakkinen@xxxxxxxxxxxxxxx>
Cc: Michael Kerrisk <mtk.manpages@xxxxxxxxx>
Cc: James Morris <james.l.morris@xxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
Signed-off-by: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>

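The securebit described in the quoted commit, exercised from userspace, as an added example that is not part of the original message or of the kernel commit. The function names are hypothetical. Clearing the ambient set first is an addition made here, because the securebit only blocks later raises. `PR_SET_SECUREBITS` requires CAP_SETPCAP.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <linux/capability.h>
#include <linux/securebits.h>

/* 1 if SECBIT_NO_CAP_AMBIENT_RAISE is set for this thread, 0 if not, -1 on error. */
int ambient_raise_disabled(void)
{
    int bits = prctl(PR_GET_SECUREBITS, 0UL, 0UL, 0UL, 0UL);
    return bits < 0 ? -1 : !!(bits & SECBIT_NO_CAP_AMBIENT_RAISE);
}

/* Empty the ambient set, then set the securebit (plus its lock bit if lock != 0).
 * Returns 0 on success, -1 with errno set (EPERM without CAP_SETPCAP). */
int disable_ambient_raise(int lock)
{
    int bits = prctl(PR_GET_SECUREBITS, 0UL, 0UL, 0UL, 0UL);
    if (bits < 0)
        return -1;
    /* The securebit only blocks future raises; drop what is already ambient. */
    if (prctl(PR_CAP_AMBIENT, (unsigned long)PR_CAP_AMBIENT_CLEAR_ALL, 0UL, 0UL, 0UL) < 0)
        return -1;
    /* Keep the existing bits: clearing an already locked bit is refused. */
    bits |= SECBIT_NO_CAP_AMBIENT_RAISE;
    if (lock)
        bits |= SECBIT_NO_CAP_AMBIENT_RAISE_LOCKED;
    return prctl(PR_SET_SECUREBITS, (unsigned long)bits, 0UL, 0UL, 0UL);
}

/* Attempt PR_CAP_AMBIENT_RAISE for cap; returns 0 on success or -errno. */
int try_ambient_raise(int cap)
{
    if (prctl(PR_CAP_AMBIENT, (unsigned long)PR_CAP_AMBIENT_RAISE,
              (unsigned long)cap, 0UL, 0UL) == 0)
        return 0;
    return -errno;
}

int main(void)
{
    printf("before: disabled=%d\n", ambient_raise_disabled());
    if (disable_ambient_raise(1) < 0) {
        perror("disable_ambient_raise (CAP_SETPCAP required)");
        return 1;
    }
    printf("after:  disabled=%d raise=%d (EPERM is %d)\n", ambient_raise_disabled(),
           try_ambient_raise(CAP_NET_BIND_SERVICE), EPERM);
    return 0;
}
```

Securebits are inherited by children and kept across execve(), so a launcher that sets the locked bit before starting a service applies the restriction to everything that service spawns.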