Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 29 Jul 2011 13:00:53 +0400
From: Vasiliy Kulikov <>
Subject: Re: -ow features


On Sat, Jul 23, 2011 at 20:27 +0400, Solar Designer wrote:
> Can you please post a summary on the status of -ow patch features as it
> relates to mainline acceptance of their equivalents?

Sorry for the delay, I didn't somehow noticed this email.


The code similar to -ow patch is ready, but it doesn't handle DSO cases
of stack usage.  I've described the problem here:


The code similar to -ow patch is ready, but I don't know how it should
be implemented relative to LSM/seccomp/etc.  It looks like a small
feature, which is not consistent with current upstream security
architecture.  I've described the problem here:

Without the major change of the configuration mechanism it's impossible
to get it applied.


It is a part of Linux for many years.  Distros may setup their own
mmap_min_addr limit and the default is 64K.  So, I don't see what can be
improved here.


These are implemented in YAMA LSM.  Kees Cook's last attempt (AFAIK) is:

James Morris' reaction:

So, the issue is that LSM guys say that LSM is the place where only
enhanced access control schemes may be located, but VFS folks
say that all similar non-POSIX restrictions should go into LSM as a
configurable security feature (extern relative to VFS).  This
inconsistency is really nasty :(


The patch as in -ow received negative response from Andrew Morton as too

I'm working on it.  The demonstration is:


The discussion:

The latest patch:

(It has already got a Reviewed-by from James, which is very good.)


The patch:

It was applied first to -mm tree, now it is merged into Linus' linux-2.6
tree (it will be part of Linux 3.1).

Special handling of fd 0,1,2 (Linux 2.0/2.2) for set*id

It is handled in glibc now by opening /dev/{null,full}, however, I see
(minor) drawbacks:

1) It's possible to have a chroot without polluted /dev/, so setuid
inside of chroot might fail to reopen fds.

2) It's not handled in other libc implementations.

Other than that, it already works.

Privileged IP aliases (Linux 2.0)

I think it was fully obsoleted with network namespaces.



Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.