On Wed, Nov 29, 2017 at 07:35:31PM -0500, Theodore Ts'o wrote:
> On Wed, Nov 29, 2017 at 11:28:52AM -0600, Serge E. Hallyn wrote:
> >
> > Just to be clear, module loading requires - and must always continue to
> > require - CAP_SYS_MODULE against the initial user namespace. Containers
> > in
On Wed, Nov 29, 2017 at 07:35:31PM -0500, Theodore Ts'o wrote:
> On Wed, Nov 29, 2017 at 11:28:52AM -0600, Serge E. Hallyn wrote:
> >
> > Just to be clear, module loading requires - and must always continue to
> > require - CAP_SYS_MODULE against the initial user namespace. Containers
> > in
On Wed, Nov 29, 2017 at 11:28:52AM -0600, Serge E. Hallyn wrote:
>
> Just to be clear, module loading requires - and must always continue to
> require - CAP_SYS_MODULE against the initial user namespace. Containers
> in user namespaces do not have that.
>
> I don't believe anyone has ever
On Wed, Nov 29, 2017 at 11:28:52AM -0600, Serge E. Hallyn wrote:
>
> Just to be clear, module loading requires - and must always continue to
> require - CAP_SYS_MODULE against the initial user namespace. Containers
> in user namespaces do not have that.
>
> I don't believe anyone has ever
On Wed, Nov 29, 2017 at 2:45 PM, Linus Torvalds
wrote:
> On Wed, Nov 29, 2017 at 7:58 AM, David Miller wrote:
>>
>> We're talking about making sure that loading "ppp.ko" really gets
>> ppp.ko rather than some_other_module.ko renamed to ppp.ko
On Wed, Nov 29, 2017 at 2:45 PM, Linus Torvalds
wrote:
> On Wed, Nov 29, 2017 at 7:58 AM, David Miller wrote:
>>
>> We're talking about making sure that loading "ppp.ko" really gets
>> ppp.ko rather than some_other_module.ko renamed to ppp.ko via some
>> other mechanism.
>>
>> Both modules have
On Wed, Nov 29, 2017 at 7:58 AM, David Miller wrote:
>
> We're talking about making sure that loading "ppp.ko" really gets
> ppp.ko rather than some_other_module.ko renamed to ppp.ko via some
> other mechanism.
>
> Both modules have legitimate signatures so the kernel will
On Wed, Nov 29, 2017 at 7:58 AM, David Miller wrote:
>
> We're talking about making sure that loading "ppp.ko" really gets
> ppp.ko rather than some_other_module.ko renamed to ppp.ko via some
> other mechanism.
>
> Both modules have legitimate signatures so the kernel will happily
> load both.
Quoting Theodore Ts'o (ty...@mit.edu):
> Half the problem here is that with containers, people are changing the
> security model, because they want to let untrusted users have "root",
> without really having "root". Part of the fundamental problem is that
> there are some well-meaning, but
Quoting Theodore Ts'o (ty...@mit.edu):
> Half the problem here is that with containers, people are changing the
> security model, because they want to let untrusted users have "root",
> without really having "root". Part of the fundamental problem is that
> there are some well-meaning, but
On Wed, Nov 29, 2017 at 10:58:16AM -0500, David Miller wrote:
> That's not what we're talking about.
>
> We're talking about making sure that loading "ppp.ko" really gets
> ppp.ko rather than some_other_module.ko renamed to ppp.ko via some
> other mechanism.
Right, and the best solution to this
On Wed, Nov 29, 2017 at 10:58:16AM -0500, David Miller wrote:
> That's not what we're talking about.
>
> We're talking about making sure that loading "ppp.ko" really gets
> ppp.ko rather than some_other_module.ko renamed to ppp.ko via some
> other mechanism.
Right, and the best solution to this
From: Theodore Ts'o
Date: Wed, 29 Nov 2017 10:54:06 -0500
> On Wed, Nov 29, 2017 at 09:50:14AM -0500, David Miller wrote:
>> From: Alan Cox
>> Date: Wed, 29 Nov 2017 13:46:12 +
>>
>> > I really don't care what the module loading rules end up with
From: Theodore Ts'o
Date: Wed, 29 Nov 2017 10:54:06 -0500
> On Wed, Nov 29, 2017 at 09:50:14AM -0500, David Miller wrote:
>> From: Alan Cox
>> Date: Wed, 29 Nov 2017 13:46:12 +
>>
>> > I really don't care what the module loading rules end up with and
>> > whether we add
On Wed, Nov 29, 2017 at 09:50:14AM -0500, David Miller wrote:
> From: Alan Cox
> Date: Wed, 29 Nov 2017 13:46:12 +
>
> > I really don't care what the module loading rules end up with and
> > whether we add CAP_SYS_YET_ANOTHER_MEANINGLESS_FLAG but what is
> >
On Wed, Nov 29, 2017 at 09:50:14AM -0500, David Miller wrote:
> From: Alan Cox
> Date: Wed, 29 Nov 2017 13:46:12 +
>
> > I really don't care what the module loading rules end up with and
> > whether we add CAP_SYS_YET_ANOTHER_MEANINGLESS_FLAG but what is
> > actually needed is to properly
From: Alan Cox
Date: Wed, 29 Nov 2017 13:46:12 +
> I really don't care what the module loading rules end up with and
> whether we add CAP_SYS_YET_ANOTHER_MEANINGLESS_FLAG but what is
> actually needed is to properly incorporate it into securiy ruiles
> for
From: Alan Cox
Date: Wed, 29 Nov 2017 13:46:12 +
> I really don't care what the module loading rules end up with and
> whether we add CAP_SYS_YET_ANOTHER_MEANINGLESS_FLAG but what is
> actually needed is to properly incorporate it into securiy ruiles
> for whatever LSM you are using.
I'm
On Tue, 28 Nov 2017 13:39:58 -0800
Kees Cook wrote:
> On Tue, Nov 28, 2017 at 1:16 PM, Luis R. Rodriguez wrote:
> > And *all* auto-loading uses aliases? What's the difference between
> > auto-loading
> > and direct-loading?
>
> The difference is the
On Tue, 28 Nov 2017 13:39:58 -0800
Kees Cook wrote:
> On Tue, Nov 28, 2017 at 1:16 PM, Luis R. Rodriguez wrote:
> > And *all* auto-loading uses aliases? What's the difference between
> > auto-loading
> > and direct-loading?
>
> The difference is the process privileges. Unprivilged
On Tue, Nov 28, 2017 at 11:48:49PM +0100, Luis R. Rodriguez wrote:
> On Tue, Nov 28, 2017 at 02:18:18PM -0800, Kees Cook wrote:
> > On Tue, Nov 28, 2017 at 2:12 PM, Luis R. Rodriguez
> > wrote:
> > > On Tue, Nov 28, 2017 at 01:39:58PM -0800, Kees Cook wrote:
> > >> On Tue, Nov
On Tue, Nov 28, 2017 at 11:48:49PM +0100, Luis R. Rodriguez wrote:
> On Tue, Nov 28, 2017 at 02:18:18PM -0800, Kees Cook wrote:
> > On Tue, Nov 28, 2017 at 2:12 PM, Luis R. Rodriguez
> > wrote:
> > > On Tue, Nov 28, 2017 at 01:39:58PM -0800, Kees Cook wrote:
> > >> On Tue, Nov 28, 2017 at 1:16
On Tue, Nov 28, 2017 at 11:18 PM, Luis R. Rodriguez wrote:
> On Tue, Nov 28, 2017 at 10:33:27PM +0100, Djalal Harouni wrote:
>> On Tue, Nov 28, 2017 at 10:16 PM, Luis R. Rodriguez
>> wrote:
>> > On Tue, Nov 28, 2017 at 12:11:34PM -0800, Kees Cook wrote:
>>
On Tue, Nov 28, 2017 at 11:18 PM, Luis R. Rodriguez wrote:
> On Tue, Nov 28, 2017 at 10:33:27PM +0100, Djalal Harouni wrote:
>> On Tue, Nov 28, 2017 at 10:16 PM, Luis R. Rodriguez
>> wrote:
>> > On Tue, Nov 28, 2017 at 12:11:34PM -0800, Kees Cook wrote:
>> >> On Tue, Nov 28, 2017 at 11:14 AM,
On Tue, Nov 28, 2017 at 02:18:18PM -0800, Kees Cook wrote:
> On Tue, Nov 28, 2017 at 2:12 PM, Luis R. Rodriguez wrote:
> > On Tue, Nov 28, 2017 at 01:39:58PM -0800, Kees Cook wrote:
> >> On Tue, Nov 28, 2017 at 1:16 PM, Luis R. Rodriguez
> >> wrote:
> >> >
On Tue, Nov 28, 2017 at 02:18:18PM -0800, Kees Cook wrote:
> On Tue, Nov 28, 2017 at 2:12 PM, Luis R. Rodriguez wrote:
> > On Tue, Nov 28, 2017 at 01:39:58PM -0800, Kees Cook wrote:
> >> On Tue, Nov 28, 2017 at 1:16 PM, Luis R. Rodriguez
> >> wrote:
> >> > And *all* auto-loading uses aliases?
On Tue, Nov 28, 2017 at 10:33:27PM +0100, Djalal Harouni wrote:
> On Tue, Nov 28, 2017 at 10:16 PM, Luis R. Rodriguez wrote:
> > On Tue, Nov 28, 2017 at 12:11:34PM -0800, Kees Cook wrote:
> >> On Tue, Nov 28, 2017 at 11:14 AM, Luis R. Rodriguez
> >> wrote:
On Tue, Nov 28, 2017 at 10:33:27PM +0100, Djalal Harouni wrote:
> On Tue, Nov 28, 2017 at 10:16 PM, Luis R. Rodriguez wrote:
> > On Tue, Nov 28, 2017 at 12:11:34PM -0800, Kees Cook wrote:
> >> On Tue, Nov 28, 2017 at 11:14 AM, Luis R. Rodriguez
> >> wrote:
> >> > kmod is just a helper to poke
On Tue, Nov 28, 2017 at 2:12 PM, Luis R. Rodriguez wrote:
> On Tue, Nov 28, 2017 at 01:39:58PM -0800, Kees Cook wrote:
>> On Tue, Nov 28, 2017 at 1:16 PM, Luis R. Rodriguez wrote:
>> > And *all* auto-loading uses aliases? What's the difference between
>> >
On Tue, Nov 28, 2017 at 2:12 PM, Luis R. Rodriguez wrote:
> On Tue, Nov 28, 2017 at 01:39:58PM -0800, Kees Cook wrote:
>> On Tue, Nov 28, 2017 at 1:16 PM, Luis R. Rodriguez wrote:
>> > And *all* auto-loading uses aliases? What's the difference between
>> > auto-loading
>> > and direct-loading?
On Tue, Nov 28, 2017 at 01:39:58PM -0800, Kees Cook wrote:
> On Tue, Nov 28, 2017 at 1:16 PM, Luis R. Rodriguez wrote:
> > And *all* auto-loading uses aliases? What's the difference between
> > auto-loading
> > and direct-loading?
>
> The difference is the process privileges.
On Tue, Nov 28, 2017 at 01:39:58PM -0800, Kees Cook wrote:
> On Tue, Nov 28, 2017 at 1:16 PM, Luis R. Rodriguez wrote:
> > And *all* auto-loading uses aliases? What's the difference between
> > auto-loading
> > and direct-loading?
>
> The difference is the process privileges. Unprivilged
On Tue, Nov 28, 2017 at 10:16 PM, Luis R. Rodriguez wrote:
> On Tue, Nov 28, 2017 at 12:11:34PM -0800, Kees Cook wrote:
>> On Tue, Nov 28, 2017 at 11:14 AM, Luis R. Rodriguez
>> wrote:
>> > kmod is just a helper to poke userpsace to load a module, that's
On Tue, Nov 28, 2017 at 10:16 PM, Luis R. Rodriguez wrote:
> On Tue, Nov 28, 2017 at 12:11:34PM -0800, Kees Cook wrote:
>> On Tue, Nov 28, 2017 at 11:14 AM, Luis R. Rodriguez
>> wrote:
>> > kmod is just a helper to poke userpsace to load a module, that's it.
>> >
>> > The old init_module() and
On Tue, Nov 28, 2017 at 1:16 PM, Luis R. Rodriguez wrote:
> And *all* auto-loading uses aliases? What's the difference between
> auto-loading
> and direct-loading?
The difference is the process privileges. Unprivilged autoloading
(e.g. int n_hdlc = N_HDLC; ioctl(fd,
TIOCSETD,
On Tue, Nov 28, 2017 at 1:16 PM, Luis R. Rodriguez wrote:
> And *all* auto-loading uses aliases? What's the difference between
> auto-loading
> and direct-loading?
The difference is the process privileges. Unprivilged autoloading
(e.g. int n_hdlc = N_HDLC; ioctl(fd,
TIOCSETD, _hdlc)), triggers
On Tue, Nov 28, 2017 at 12:11:34PM -0800, Kees Cook wrote:
> On Tue, Nov 28, 2017 at 11:14 AM, Luis R. Rodriguez wrote:
> > kmod is just a helper to poke userpsace to load a module, that's it.
> >
> > The old init_module() and newer finit_module() do the real handy work or
> >
On Tue, Nov 28, 2017 at 12:11:34PM -0800, Kees Cook wrote:
> On Tue, Nov 28, 2017 at 11:14 AM, Luis R. Rodriguez wrote:
> > kmod is just a helper to poke userpsace to load a module, that's it.
> >
> > The old init_module() and newer finit_module() do the real handy work or
> > module loading, and
Hi Luis,
On Tue, Nov 28, 2017 at 8:14 PM, Luis R. Rodriguez wrote:
> On Mon, Nov 27, 2017 at 06:18:34PM +0100, Djalal Harouni wrote:
> ...
>
>> After a discussion with Rusty Russell [1], the suggestion was to pass
>> the capability from request_module() to
Hi Luis,
On Tue, Nov 28, 2017 at 8:14 PM, Luis R. Rodriguez wrote:
> On Mon, Nov 27, 2017 at 06:18:34PM +0100, Djalal Harouni wrote:
> ...
>
>> After a discussion with Rusty Russell [1], the suggestion was to pass
>> the capability from request_module() to security_kernel_module_request()
>> for
On Tue, Nov 28, 2017 at 11:14 AM, Luis R. Rodriguez wrote:
> kmod is just a helper to poke userpsace to load a module, that's it.
>
> The old init_module() and newer finit_module() do the real handy work or
> module loading, and both currently only use may_init_module():
>
>
On Tue, Nov 28, 2017 at 11:14 AM, Luis R. Rodriguez wrote:
> kmod is just a helper to poke userpsace to load a module, that's it.
>
> The old init_module() and newer finit_module() do the real handy work or
> module loading, and both currently only use may_init_module():
>
> static int
On Mon, Nov 27, 2017 at 06:18:34PM +0100, Djalal Harouni wrote:
...
> After a discussion with Rusty Russell [1], the suggestion was to pass
> the capability from request_module() to security_kernel_module_request()
> for 'netdev-%s' modules that need CAP_NET_ADMIN, and after review from
> Kees
On Mon, Nov 27, 2017 at 06:18:34PM +0100, Djalal Harouni wrote:
...
> After a discussion with Rusty Russell [1], the suggestion was to pass
> the capability from request_module() to security_kernel_module_request()
> for 'netdev-%s' modules that need CAP_NET_ADMIN, and after review from
> Kees
Hi Randy,
On Mon, Nov 27, 2017 at 7:48 PM, Randy Dunlap wrote:
> Hi,
>
> Mostly typos/spellos...
>
>
> On 11/27/2017 09:18 AM, Djalal Harouni wrote:
>> Cc: Serge Hallyn
>> Cc: Andy Lutomirski
>> Suggested-by: Rusty Russell
Hi Randy,
On Mon, Nov 27, 2017 at 7:48 PM, Randy Dunlap wrote:
> Hi,
>
> Mostly typos/spellos...
>
>
> On 11/27/2017 09:18 AM, Djalal Harouni wrote:
>> Cc: Serge Hallyn
>> Cc: Andy Lutomirski
>> Suggested-by: Rusty Russell
>> Suggested-by: Kees Cook
>> Signed-off-by: Djalal Harouni
>> ---
Hi,
Mostly typos/spellos...
On 11/27/2017 09:18 AM, Djalal Harouni wrote:
> Cc: Serge Hallyn
> Cc: Andy Lutomirski
> Suggested-by: Rusty Russell
> Suggested-by: Kees Cook
> Signed-off-by: Djalal Harouni
Hi,
Mostly typos/spellos...
On 11/27/2017 09:18 AM, Djalal Harouni wrote:
> Cc: Serge Hallyn
> Cc: Andy Lutomirski
> Suggested-by: Rusty Russell
> Suggested-by: Kees Cook
> Signed-off-by: Djalal Harouni
> ---
> include/linux/kmod.h | 65
>
48 matches
Mail list logo