Re: [KERNEL] Re: [KERNEL] Re: [KERNEL] Re: [KERNEL] Re: [KERNEL] Re: [KERNEL] Re: [KERNEL] Re: Kernel 4.3 breaks security in systems using capabilities

2015-11-08 Thread Serge E. Hallyn
On Sat, Nov 07, 2015 at 12:02:47PM +0100, Klaus Ethgen wrote: > Hi Guys, > > On Fri, 6 Nov 2015 at 19:18, Serge E. Hallyn wrote: > > I would have been happy if there had been a default-off PR_ENABLE_AMBIENT > > prctl which required a new CAP_ENABLE_AMBIENT capability to turn on, but > > the

Re: [KERNEL] Re: [KERNEL] Re: [KERNEL] Re: [KERNEL] Re: [KERNEL] Re: [KERNEL] Re: [KERNEL] Re: Kernel 4.3 breaks security in systems using capabilities

2015-11-07 Thread Klaus Ethgen
Hi Guys, On Fri, 6 Nov 2015 at 19:18, Serge E. Hallyn wrote: > On Fri, Nov 06, 2015 at 06:56:20PM +0100, Klaus Ethgen wrote: > > On Fri, 6 Nov 2015 at 16:53, Theodore Ts'o wrote: > > > In the light of that, using things like ambient

Re: [KERNEL] Re: [KERNEL] Re: [KERNEL] Re: [KERNEL] Re: [KERNEL] Re: [KERNEL] Re: Kernel 4.3 breaks security in systems using capabilities

2015-11-06 Thread Serge E. Hallyn
On Fri, Nov 06, 2015 at 06:56:20PM +0100, Klaus Ethgen wrote: > On Fri, 6 Nov 2015 at 16:53, Theodore Ts'o wrote: > > In the light of that, using things like ambient capabilities, or using > > setuid binary that immediately drops all caps that it needs, is > > probably the best we're going to

Re: [KERNEL] Re: [KERNEL] Re: [KERNEL] Re: [KERNEL] Re: [KERNEL] Re: Kernel 4.3 breaks security in systems using capabilities

2015-11-06 Thread Serge E. Hallyn
On Fri, Nov 06, 2015 at 09:51:15AM -0800, Casey Schaufler wrote: > On 11/6/2015 7:53 AM, Theodore Ts'o wrote: > > On Fri, Nov 06, 2015 at 02:58:36PM +0100, Klaus Ethgen wrote: > >> But that left out completely the, I think more important, usecase of > >> _removing_ SUID completely and _replacing_

Re: [KERNEL] Re: [KERNEL] Re: [KERNEL] Re: [KERNEL] Re: [KERNEL] Re: [KERNEL] Re: Kernel 4.3 breaks security in systems using capabilities

2015-11-06 Thread Klaus Ethgen
On Fri, 6 Nov 2015 at 16:53, Theodore Ts'o wrote: > On Fri, Nov 06, 2015 at 02:58:36PM +0100, Klaus Ethgen wrote: > > But that left out completely the, I think more important, usecase of > > _removing_ SUID completely and _replacing_ it with

Re: [KERNEL] Re: [KERNEL] Re: [KERNEL] Re: [KERNEL] Re: [KERNEL] Re: Kernel 4.3 breaks security in systems using capabilities

2015-11-06 Thread Casey Schaufler
On 11/6/2015 7:53 AM, Theodore Ts'o wrote: > On Fri, Nov 06, 2015 at 02:58:36PM +0100, Klaus Ethgen wrote: >> But that left out completely the, I think more important, usecase of >> _removing_ SUID completely and _replacing_ it with very tight capability >> setting. And that is what I always

Re: [KERNEL] Re: [KERNEL] Re: [KERNEL] Re: [KERNEL] Re: [KERNEL] Re: Kernel 4.3 breaks security in systems using capabilities

2015-11-06 Thread Andy Lutomirski
On Fri, Nov 6, 2015 at 7:53 AM, Theodore Ts'o wrote: > On Fri, Nov 06, 2015 at 02:58:36PM +0100, Klaus Ethgen wrote: >> But that left out completely the, I think more important, usecase of >> _removing_ SUID completely and _replacing_ it with very tight capability >> setting. And that is what I

Re: [KERNEL] Re: [KERNEL] Re: [KERNEL] Re: [KERNEL] Re: [KERNEL] Re: Kernel 4.3 breaks security in systems using capabilities

2015-11-06 Thread Theodore Ts'o
On Fri, Nov 06, 2015 at 02:58:36PM +0100, Klaus Ethgen wrote: > But that left out completely the, I think more important, usecase of > _removing_ SUID completely and _replacing_ it with very tight capability > setting. And that is what I always talked about. I don't believe this is ever going to

Re: [KERNEL] Re: [KERNEL] Re: [KERNEL] Re: [KERNEL] Re: [KERNEL] Re: Kernel 4.3 breaks security in systems using capabilities

2015-11-06 Thread Klaus Ethgen
Hi, On Thu, 5 Nov 2015 at 23:08, Serge E. Hallyn wrote: > On Thu, Nov 05, 2015 at 11:01:07AM -0800, Andy Lutomirski wrote: > > On Thu, Nov 5, 2015 at 9:48 AM, Klaus Ethgen wrote: > > > -BEGIN PGP SIGNED MESSAGE- > > > Hash: SHA512 > >

Re: [KERNEL] Re: [KERNEL] Re: [KERNEL] Re: [KERNEL] Re: [KERNEL] Re: Kernel 4.3 breaks security in systems using capabilities

2015-11-06 Thread Andy Lutomirski
On Fri, Nov 6, 2015 at 7:53 AM, Theodore Ts'o wrote: > On Fri, Nov 06, 2015 at 02:58:36PM +0100, Klaus Ethgen wrote: >> But that left out completely the, I think more important, usecase of >> _removing_ SUID completely and _replacing_ it with very tight capability >> setting. And

Re: [KERNEL] Re: [KERNEL] Re: [KERNEL] Re: [KERNEL] Re: [KERNEL] Re: Kernel 4.3 breaks security in systems using capabilities

2015-11-06 Thread Klaus Ethgen
Hi, On Thu, 5 Nov 2015 at 23:08, Serge E. Hallyn wrote: > On Thu, Nov 05, 2015 at 11:01:07AM -0800, Andy Lutomirski wrote: > > On Thu, Nov 5, 2015 at 9:48 AM, Klaus Ethgen wrote: > > > -BEGIN PGP SIGNED MESSAGE-

Re: [KERNEL] Re: [KERNEL] Re: [KERNEL] Re: [KERNEL] Re: [KERNEL] Re: [KERNEL] Re: Kernel 4.3 breaks security in systems using capabilities

2015-11-06 Thread Serge E. Hallyn
On Fri, Nov 06, 2015 at 06:56:20PM +0100, Klaus Ethgen wrote: > On Fri, 6 Nov 2015 at 16:53, Theodore Ts'o wrote: > > In the light of that, using things like ambient capabilities, or using > > setuid binary that immediately drops all caps that it needs, is > > probably the best we're going to