Re: [PATCH] ptrace: use fsuid, fsgid, effective creds for fs access checks

2015-11-09 Thread Andrew Morton
On Mon, 9 Nov 2015 22:12:09 +0100 Jann Horn wrote: > > > Can we do > > > > #define PTRACE_foo (PTRACE_MODE_READ|PTRACE_MODE_FSCREDS) > > > > to avoid all that? > > Hm. All combinations of the PTRACE_MODE_*CREDS flags with > PTRACE_MODE_{READ,ATTACH} plus optionally

Re: [PATCH] ptrace: use fsuid, fsgid, effective creds for fs access checks

2015-11-09 Thread Andrew Morton
On Sun, 8 Nov 2015 13:08:36 +0100 Jann Horn wrote: > By checking the effective credentials instead of the real UID / > permitted capabilities, ensure that the calling process actually > intended to use its credentials. > > To ensure that all ptrace checks use the correct caller

Re: [PATCH] per-process securebits

2008-02-04 Thread Andrew Morton
On Mon, 4 Feb 2008 18:17:22 + Pavel Machek [EMAIL PROTECTED] wrote: On Fri 2008-02-01 20:07:01, James Morris wrote: On Fri, 1 Feb 2008, Andrew Morton wrote: Really? I'd feel a lot more comfortable if yesterday's version 1 had led to a stream of comments from suitably

Re: [PATCH] per-process securebits

2008-01-30 Thread Andrew Morton
On Wed, 30 Jan 2008 23:02:30 -0800 Andrew G. Morgan [EMAIL PROTECTED] wrote: With filesystem capabilities it is now possible to do away with (set)uid-0 based privilege and use capabilities instead. Historically, this was first attempted with a kernel-global set of securebits. That

Re: [patch, rfc] mm.h, security.h, key.h and preventing namespace poisoning

2007-12-25 Thread Andrew Morton
On Thu, 20 Dec 2007 15:11:40 +1100 (EST) James Morris [EMAIL PROTECTED] wrote: +#ifdef CONFIG_SECURITY +extern unsigned long mmap_min_addr; +#endif + #include asm/page.h #include asm/pgtable.h #include asm/processor.h Fine by me. I'll queue it for -mm 2.6.25. I

Re: [PATCH] -mm (2.4.26-rc3-mm1) v2 Smack using capabilities 32 and 33

2007-11-27 Thread Andrew Morton
On Mon, 26 Nov 2007 12:38:56 -0800 Casey Schaufler [EMAIL PROTECTED] wrote: From: Casey Schaufler [EMAIL PROTECTED] This patch takes advantage of the increase in capability bits to allocate capabilities for Mandatory Access Control. Whereas Smack was overloading a previously allocated

Re: [PATCH] 64bit capability support (legacy support fix)

2007-11-21 Thread Andrew Morton
On Wed, 21 Nov 2007 11:10:51 -0600 Serge E. Hallyn [EMAIL PROTECTED] wrote: Quoting Andrew Morton ([EMAIL PROTECTED]): On Sat, 17 Nov 2007 21:25:27 -0800 Andrew Morgan [EMAIL PROTECTED] wrote: The attached patch (171282b3553fcec43b9ab615eb7daf6c2b494a87) applies against 2.6.24-rc2-mm1

Re: [PATCH] (2.6.24-rc3 -mm only) Smack Version 11c Simplified Mandatory Access Control Kernel

2007-11-20 Thread Andrew Morton
On Tue, 20 Nov 2007 11:04:32 -0800 (PST) Casey Schaufler [EMAIL PROTECTED] wrote: --- Casey Schaufler [EMAIL PROTECTED] wrote: From: Casey Schaufler [EMAIL PROTECTED] ... I have verified this version against broken-out-2007-11-20-01-45 as well. Compiles, boots, and passes tests.

Re: [PATCH] (2.6.24-rc3 -mm only) Smack Version 11c Simplified Mandatory Access Control Kernel

2007-11-20 Thread Andrew Morton
On Mon, 19 Nov 2007 21:54:37 -0800 Casey Schaufler [EMAIL PROTECTED] wrote: From: Casey Schaufler [EMAIL PROTECTED] Smack is the Simplified Mandatory Access Control Kernel. This patch seems bigger than the first version ;) random-trivial-comments-just-to-show-i-read-it: +static int

Re: [PATCH] 64bit capability support (legacy support fix)

2007-11-20 Thread Andrew Morton
On Sat, 17 Nov 2007 21:25:27 -0800 Andrew Morgan [EMAIL PROTECTED] wrote: The attached patch (171282b3553fcec43b9ab615eb7daf6c2b494a87) applies against 2.6.24-rc2-mm1. It addresses the problem reported by Kevin and Andy - ultimately, the legacy support wasn't transparent. In particular,

Re: [PATCH 2/2] Version 11 (2.6.24-rc2) Smack: Simplified Mandatory Access Control Kernel

2007-11-12 Thread Andrew Morton
On Thu, 08 Nov 2007 20:48:52 -0800 Casey Schaufler [EMAIL PROTECTED] wrote: Smack is the Simplified Mandatory Access Control Kernel. This ran afoul of http://userweb.kernel.org/~akpm/mmotm/broken-out/vfs-security-rework-inode_getsecurity-and-callers-to.patch Until that patch gets merged we'll

Re: [PATCH] 64 bit capabilities

2007-11-09 Thread Andrew Morton
On Wed, 07 Nov 2007 23:44:49 -0800 Andrew Morgan [EMAIL PROTECTED] wrote: The attached patch (e3d27bcb07485a6c8927c8e4f5483d35a99680c3) adds 64-bit capability support to the kernel. This version of the patch is designed to apply against the 2.6.23-mm1 tree. FWIW libcap-2.00 supports this

Re: [RFC] [PATCH 2/2] capabilities: implement 64-bit capabilities

2007-10-17 Thread Andrew Morton
On Tue, 16 Oct 2007 16:41:59 -0500 Serge E. Hallyn [EMAIL PROTECTED] wrote: To properly test this the libcap code will need to be updated first, which I'm looking at now... This seems fairly significant. I asusme that this patch won't break presently-deployed libcap? - To unsubscribe from

Re: [RFC] [PATCH 2/2] capabilities: implement 64-bit capabilities

2007-10-17 Thread Andrew Morton
On Wed, 17 Oct 2007 21:59:20 -0500 Serge E. Hallyn [EMAIL PROTECTED] wrote: Quoting Andrew Morton ([EMAIL PROTECTED]): On Tue, 16 Oct 2007 16:41:59 -0500 Serge E. Hallyn [EMAIL PROTECTED] wrote: To properly test this the libcap code will need to be updated first, which I'm looking

Re: [PATCH] Version 3 (2.6.23-rc8) Smack: Simplified Mandatory Access Control Kernel

2007-09-30 Thread Andrew Morton
On Sat, 29 Sep 2007 17:20:36 -0700 Casey Schaufler [EMAIL PROTECTED] wrote: Smack is the Simplified Mandatory Access Control Kernel. I don't know enough about security even to be dangerous. I went back and reviewed the August thread from your version 1 submission and the message I take away

Re: [PATCH try #3] security: Convert LSM into a static interface

2007-07-24 Thread Andrew Morton
On Sat, 14 Jul 2007 12:37:01 -0400 (EDT) James Morris [EMAIL PROTECTED] wrote: Convert LSM into a static interface allmodconfig broke security/built-in.o: In function `rootplug_bprm_check_security': security/root_plug.c:64: undefined reference to `usb_find_device' security/root_plug.c:70:

Re: [PATCH try #3] security: Convert LSM into a static interface

2007-07-24 Thread Andrew Morton
On Tue, 24 Jul 2007 01:53:58 -0700 Greg KH [EMAIL PROTECTED] wrote: On Tue, Jul 24, 2007 at 01:02:24AM -0700, Andrew Morton wrote: On Sat, 14 Jul 2007 12:37:01 -0400 (EDT) James Morris [EMAIL PROTECTED] wrote: Convert LSM into a static interface allmodconfig broke security

Re: [AppArmor 00/44] AppArmor security module overview

2007-06-26 Thread Andrew Morton
On Tue, 26 Jun 2007 16:07:56 -0700 [EMAIL PROTECTED] wrote: This post contains patches to include the AppArmor application security framework, with request for inclusion into -mm for wider testing. Patches 24 and 31 didn't come through. Rolled-up diffstat (excluding 2431): fs/attr.c

Re: [AppArmor 00/44] AppArmor security module overview

2007-06-26 Thread Andrew Morton
On Tue, 26 Jun 2007 19:24:03 -0700 John Johansen [EMAIL PROTECTED] wrote: so... where do we stand with this? Fundamental, irreconcilable differences over the use of pathname-based security? There certainly seems to be some differences of opinion over the use of