No changes per se, except that we do need an update to prevent the
current false negatives that I'm getting.  As Andrew said, we need to
find a resilient way to compare two abstract bitsets.  Andrew, do you
think it's a reasonable idea for libcap to add a capcmp() function,
which does a cap-by-cap analysis?  It could just return 0/1, or it
could return something more complicated - maybe 0 if equal, -1 if
first is less privileged than second, 1 if opposite, and -2 otherwise.
(Not sure what to do better about the -2 case :).

There should be a test for both proper ptrace and coredump behavior from
unprivileged tasks to both setuid and more-privileged (filecaps) tasks.
As far as I know there is no testcase for these.  I have a todo item to
write these, but it keeps getting pushed down so if someone else wants
to write them that'd be swell.  But these aren't in response to changes,
just other testcases we need to write.

Likewise, proper behavior in the face of setuid should be tested.

-serge

Quoting Andrew Morgan ([EMAIL PROTECTED]):
> Serge and I have been discussing this test offline (there is a
> get_cap_text() libcap change that I'm investigating that he wants to be
> able to make the test more resilient in the face of newly added
> capabilities). Since Serge is also reviewing these changes, I'm sure
> he'll have something to say about enhancements to the test...
>
> Cheers
>
> Andrew
>
> Subrata Modak wrote:
> | Hi Andrew,
> |
> | Do you feel that the corresponding filecaps test in LTP needs to be
> | reviewed against the changes in Kernel filecaps? Do you remember that
> | Sergei wrote this test case and you gave the review comments, after
> | which we included the same inside LTP:
> |
> | http://ltp.cvs.sourceforge.net/ltp/ltp/testcases/kernel/security/filecaps/
> |
> | Regards--
> | Subrata
> |
> | On Thu, Jun 26, 2008 at 2:16 PM, Andrew G. Morgan <[EMAIL PROTECTED]> wrote:
> |
> | Andrew,
> |
> | Configuring filesystem capabilities is still tagged experimental, and
> | the effect of the "security fix" part of this change is conditional on
> | filesystem capabilities being configured. This late in the rc cycle, I'm
> | not convinced that the risk of this bugfix isn't greater than the
> | benefit.
> |
> | If you disagree, there is another "security" problem with filesystem
> | capabilities and strace, and I've been exploring the fix. This is also
> | the last fix I think we need before we can remove the experimental
> | attribute on filesystem capabilities.
> |
> | As such, I'll follow this up with four patches. The first two are
> | bugfixes (affecting kernels configured with filesystem support); the
> | third is the refactoring; and the fourth removes the experimental tag on
> | filesystem capability support.
> |
> | Cheers
> |
> | Andrew
> |
> | Andrew Morton wrote:
> | | On Fri, 20 Jun 2008 08:38:19 -0700
> | | "Andrew G. Morgan" <[EMAIL PROTECTED]> wrote:
> | |
> | |> From 8a2bffcb5363295ea43ef42c84c121a8e8c7ffa0 Mon Sep 17 00:00:00 2001
> | |> From: Andrew G. Morgan <[EMAIL PROTECTED]>
> | |> Date: Fri, 20 Jun 2008 08:16:06 -0700
> | |> Subject: [PATCH] Refactor filesystem capability support in main kernel.
> | |>
> | [...]
> | | This is one helluva large (security!) patch for so late in -rc.
> | |
> | | Could we please split out the bugfix for 2.6.26 (is it needed in 2.6.25
> | | too?) and hold the refactoring back for 2.6.27?
>
> | --
> | Regards & Thanks--
> | Subrata
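
The cap-by-cap comparison with the 0 / -1 / 1 / -2 return values proposed at the top of this message, as an added example (not code from libcap, LTP, or anyone in this thread). `struct capset` and the `ncaps` limit are assumptions made here: the struct stands in for libcap's opaque `cap_t`, and `ncaps` is one possible way to keep a test from failing on capability numbers added after it was written.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for libcap's opaque cap_t: bit N = capability N. */
struct capset {
    uint64_t effective, permitted, inheritable;
};

/* Compare one flag word, looking only at capability numbers below ncaps. */
static int cmp_word(uint64_t a, uint64_t b, unsigned ncaps)
{
    int less = 0, more = 0;

    for (unsigned cap = 0; cap < ncaps && cap < 64; cap++) {
        int in_a = (int)((a >> cap) & 1), in_b = (int)((b >> cap) & 1);

        if (in_a && !in_b)
            more = 1;
        if (in_b && !in_a)
            less = 1;
    }
    if (less && more)
        return -2;
    return more - less;
}

/* 0: equal, -1: a less privileged than b, 1: a more privileged, -2: neither. */
int capcmp(const struct capset *a, const struct capset *b, unsigned ncaps)
{
    int r[3] = { cmp_word(a->effective, b->effective, ncaps),
                 cmp_word(a->permitted, b->permitted, ncaps),
                 cmp_word(a->inheritable, b->inheritable, ncaps) };
    int result = 0;

    for (int i = 0; i < 3; i++) {
        if (r[i] == -2 || (r[i] != 0 && result != 0 && r[i] != result))
            return -2;
        if (r[i] != 0)
            result = r[i];
    }
    return result;
}

int main(void)
{
    /* Constructed sets: "got" carries two capability bits the test predates. */
    struct capset want = { 0, (1ULL << 34) - 1, 0 };
    struct capset got  = { 0, (1ULL << 36) - 1, 0 };

    printf("known caps only: %d, all bits: %d\n",
           capcmp(&want, &got, 34), capcmp(&want, &got, 36));
    return 0;
}
```

The -2 case covers both a single flag set that differs in both directions and flag sets that disagree with each other, for example more effective but fewer permitted capabilities.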
