Re: [PATCH] ptrace: it is fun to strace /sbin/init

view
thread

Score:

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

To: Stephen Smalley <sds@...>

Cc: Serge E. Hallyn <serue@...>, Oleg Nesterov <oleg@...>, Pavel Machek <pavel@...>, Andrew Morton <akpm@...>, Eric W. Biederman <ebiederm@...>, Pavel Emelyanov <xemul@...>, Roland McGrath <roland@...>, <linux-kernel@...>, Chris Wright <chrisw@...>, Andrew Morgan <morgan@...>, Linux Containers <containers@...>, Herbert Poetzl <herbert@...>

Subject: Re: [PATCH] ptrace: it is fun to strace /sbin/init

Date: Tuesday, March 25, 2008 - 2:06 pm

Quoting Stephen Smalley (sds@tycho.nsa.gov):
quoted text> 
> On Tue, 2008-03-25 at 08:40 -0500, Serge E. Hallyn wrote:
> > Quoting Stephen Smalley (sds@tycho.nsa.gov):
> > > 
> > > On Tue, 2008-03-25 at 02:04 +0300, Oleg Nesterov wrote:
> > > > On 03/24, Pavel Machek wrote:
> > > > >
> > > > > > /sbin/init is important, but there are other important (and sometimes
> > > > > > much more important) services. Why it is so special so that we can't
> > > > > > debug/strace it?
> > > > > 
> > > > > Maybe. Let's kill /sbin/init protection in 2.6.26. But making it
> > > > > optional is wrong.
> > > > 
> > > > You are right, the boot parameter is silly. How about sysctl?
> > > > 
> > > > Stephen, do you see any security problems if we make /sbin/init
> > > > ptraceable by default?
> > > 
> > > Not an issue for SELinux (we apply an orthogonal check based on security
> > > context, so we can already block ptrace of init independent of whether
> > > root/CAP_SYS_PTRACE can do it).  I'm not sure though as to whether
> > > people using capabilities have ever relied on this special protection of
> > > init (e.g. custom init spawns children with lesser capabilities and
> > > relies on the fact that they cannot ptrace init to effectively re-gain
> > > those capabilities, even if they possess CAP_SYS_PTRACE).
> > 
> > Still thinking it through, but it seems like special casing init isn't
> > useful.  There are likely to be other tasks with all capabilities
> > set which the malicious task could just as well ptrace to do his
> > mischief, right?
> 
> Depends on the bounding set.  Didn't it used to be the case that only
> init had CAP_SETPCAP (until the meaning of it was changed by the
> filesystem capability support)?

Not quite.  CAP_SETPCAP was taken out of everyone's bounding set.  But
kernel/sysctl.c allowed only init to add capabilities to the bounding
set.  (Whereas CAP_SYS_MODULE was sufficient to remove them).

quoted text> Might want to double check with e.g. the vservers folks that they
> weren't relying in any way on special handling of init.

Herbert, Pavel, do you have objections to allowing ptrace of init?
(I believe Eric has already Acked the idea iirc?)

thanks,
-serge
--
unsubscribe noticeTo unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

[PATCH] ptrace: it is fun to strace /sbin/init, Oleg Nesterov, (Sun Mar 23, 9:51 am)

Re: [PATCH] ptrace: it is fun to strace /sbin/init, Andrew Morton, (Mon Mar 24, 6:29 pm)

Re: [PATCH] ptrace: it is fun to strace /sbin/init, Oleg Nesterov, (Mon Mar 24, 6:56 pm)

Re: [PATCH] ptrace: it is fun to strace /sbin/init, Andrew Morton, (Mon Mar 24, 7:08 pm)

Re: [PATCH] ptrace: it is fun to strace /sbin/init, Andi Kleen, (Tue Mar 25, 6:00 am)

Re: [PATCH] ptrace: it is fun to strace /sbin/init, Roland McGrath, (Tue Mar 25, 6:00 pm)

Re: [PATCH] ptrace: it is fun to strace /sbin/init, Oleg Nesterov, (Tue Mar 25, 1:42 pm)

Re: [PATCH] ptrace: it is fun to strace /sbin/init, Krzysztof Halasa, (Tue Mar 25, 10:16 am)

Re: [PATCH] ptrace: it is fun to strace /sbin/init, Andi Kleen, (Tue Mar 25, 10:22 am)

Re: [PATCH] ptrace: it is fun to strace /sbin/init, Pavel Machek, (Tue Mar 25, 10:47 am)

Re: [PATCH] ptrace: it is fun to strace /sbin/init, Andi Kleen, (Tue Mar 25, 10:56 am)

Re: [PATCH] ptrace: it is fun to strace /sbin/init, Krzysztof Halasa, (Tue Mar 25, 10:30 am)

Re: [PATCH] ptrace: it is fun to strace /sbin/init, Andi Kleen, (Tue Mar 25, 10:35 am)

Re: [PATCH] ptrace: it is fun to strace /sbin/init, Krzysztof Halasa, (Tue Mar 25, 10:58 am)

Re: [PATCH] ptrace: it is fun to strace /sbin/init, Oleg Nesterov, (Mon Mar 24, 7:29 pm)

Re: [PATCH] ptrace: it is fun to strace /sbin/init, Pavel Machek, (Mon Mar 24, 12:01 pm)

Re: [PATCH] ptrace: it is fun to strace /sbin/init, Oleg Nesterov, (Mon Mar 24, 12:40 pm)

Re: [PATCH] ptrace: it is fun to strace /sbin/init, Pavel Machek, (Mon Mar 24, 6:39 pm)

Re: [PATCH] ptrace: it is fun to strace /sbin/init, Oleg Nesterov, (Mon Mar 24, 7:04 pm)

Re: [PATCH] ptrace: it is fun to strace /sbin/init, Stephen Smalley, (Tue Mar 25, 8:03 am)

Re: [PATCH] ptrace: it is fun to strace /sbin/init, Serge E. Hallyn, (Tue Mar 25, 9:40 am)

Re: [PATCH] ptrace: it is fun to strace /sbin/init, Stephen Smalley, (Tue Mar 25, 10:37 am)

Re: [PATCH] ptrace: it is fun to strace /sbin/init, Serge E. Hallyn, (Tue Mar 25, 2:06 pm)

Re: [PATCH] ptrace: it is fun to strace /sbin/init, Pavel Emelyanov, (Wed Mar 26, 11:47 am)

Re: [PATCH] ptrace: it is fun to strace /sbin/init, Pavel Machek, (Tue Mar 25, 5:55 pm)

Re: [PATCH] ptrace: it is fun to strace /sbin/init, Andrew Morgan, (Wed Mar 26, 11:31 am)

Re: [PATCH] ptrace: it is fun to strace /sbin/init, Herbert Poetzl, (Tue Mar 25, 3:07 pm)

Re: [PATCH] ptrace: it is fun to strace /sbin/init, Pavel Machek, (Mon Mar 24, 7:09 pm)

Re: [PATCH] ptrace: it is fun to strace /sbin/init, Oleg Nesterov, (Mon Mar 24, 7:18 pm)

Re: [PATCH] ptrace: it is fun to strace /sbin/init, Andrew Morton, (Mon Mar 24, 7:26 pm)

Re: [PATCH] ptrace: it is fun to strace /sbin/init, Oleg Nesterov, (Mon Mar 24, 7:38 pm)

Navigation

Mail archive search

Popular discussions


linux-kernel:
Con Kolivas	Re: [ANNOUNCE] RSDL completely fair starvation free interactive cpu scheduler
debian developer	Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
Steven Rostedt	Major regression on hackbench with SLUB
Bart Van Assche	Integration of SCST in the mainstream Linux kernel
git:
Junio C Hamano	[0/4] What's not in 1.5.2 (overview)
Jan Hudec	Smart fetch via HTTP?
Peter Oberndorfer	Re: [StGIT PATCH] Don't use patches/<branch>/current
Nicolas Pitre	Re: git-index-pack really does suck..
openbsd-misc:
GVG GVG	ssh_exchange_identification: Connection closed by remote host
Reyk Floeter	Re: hoststated(8): DNS Relay uses unexpected source IP address
Mark Zimmerman	Re: Samba(SMB) or Netatalk(AFP)?
Anselm R. Garbe	OpenBSD 4.0 / Xorg -> vesa 1920x1200 widescreen resolution
linux-activists:
hh	Hardware compatibility list
Doug Evans	Re: Stabilizing Linux
Linus Benedict Torvalds	More answers
Dave `geek' Gymer	WARNING (was Re: New afio release)

Latest forum posts


what is "callback function"?.can anyone explain me please..	12 hours ago	Linux general
unable to remove block device driver module	22 hours ago	Linux kernel
Is there anything like Real-time drivers?	2 days ago	Linux general
I can't allocate more than 4 MB with pci_alloc_consistent	2 days ago	Linux kernel
Resetting the bios password for Toshiba Laptop	2 days ago	Hardware
Kernel panic while installing fedora core 5 or ubuntu	3 days ago	Hardware
Interactive Linux kernel map	3 days ago	Linux kernel
unable to add a variable in buffer_head struct	3 days ago	Linux kernel
Linux Input driver - setting scaling/resolution on USB mouse	3 days ago	Linux kernel
Merging Of Two File Systems	5 days ago	Linux kernel

Show all forums...

Colocation donated by:

Online users

Syndicate