Re: [Ksummit-discuss] security-related TODO items?

Ksummit-Discuss Archive mirror
 help / color / mirror / Atom feed

From: Andy Lutomirski <luto@amacapital.net>
To: Djalal Harouni <tixxdz@gmail.com>
Cc: Josh Armour <jarmour@google.com>,
	"ksummit-discuss@lists.linuxfoundation.org"
	<ksummit-discuss@lists.linuxfoundation.org>,
	Greg KH <gregkh@linuxfoundation.org>,
	Linus Torvalds <torvalds@linux-foundation.org>
Subject: Re: [Ksummit-discuss] security-related TODO items?
Date: Tue, 7 Mar 2017 08:25:39 -0800	[thread overview]
Message-ID: <CALCETrWwTjenAhu6NbhWz91M-UNKBgm-oLWsf1jU0HP8rA-0Vw@mail.gmail.com> (raw)
In-Reply-To: <CAEiveUcTQK84qFNpYoET-cpSXJe0KYtnYQtp0uTPz=z0tc3W9A@mail.gmail.com>

On Tue, Mar 7, 2017 at 8:12 AM, Djalal Harouni <tixxdz@gmail.com> wrote:
>
>
> On Tue, Jan 24, 2017 at 3:38 AM, Andy Lutomirski <luto@amacapital.net>
> wrote:
>> On Fri, Jan 20, 2017 at 2:38 PM, Kees Cook <keescook@chromium.org> wrote:
>>> Hi,
>>>
>>> I've already got various Kernel Self-Protection Project TODO items
>>> collected[1] (of varying size and complexity), but recently Google's
>>> Patch Reward Program[2] is trying to expand by helping create a bounty
>>> program for security-related TODOs. KSPP is just one corner of
>>> interest in the kernel, and I'd love to know if any other maintainers
>>> have TODO items that they'd like to see get done (and Google would
>>> potentially provide bounty money for).
>>>
>>> Let me know your security wish-lists, and I'll collect them all into a
>>> single place. And if there is a better place than ksummit-discuss to
>>> reach maintainers, I'm all ears. LKML tends to mostly just serve as a
>>> public archive. :)
>>>
>>
>> Here's another one: split up and modernize /proc.
>>
>> I'm imagining a whole series of changes:
>>
>>  - Make a sysctlfs.  You could mount it and get all the sysctls if you
>> have global privilege.  If you only have privilege relative to some
>> namespace, you could pass a mount option like -o scope=net to get just
>> sysctls that belong to the mounting process' netns.  If done
>> carefully, this should be safe for unprivileged mounting without the
>> fs_fully_visible() checks.
>>
>>  - Teach procfs to understand mount options for real (per-superblock).
>> Shouldn't be that hard.
>
> I spent some time investigating this to advance in this option in order to
> improve procfs hidepid and replace that per task hidepid solution... the
> result: this proposition will break userspace in a real bad way...
>
> Since procfs is a virtual fs we always generate a new 'st_dev' device ID
> that's used to get the major and minor IDs for that device.

If necessary, we could change that for procfs and have the same st_dev
for mounts in the same pidns.

next prev parent reply	other threads:[~2017-03-07 16:26 UTC|newest]

Thread overview: 21+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-01-20 22:38 [Ksummit-discuss] security-related TODO items? Kees Cook
2017-01-21  0:14 ` Andy Lutomirski
2017-01-21  0:26   ` Kees Cook
2017-01-21  1:10   ` Matthew Wilcox
2017-01-21  1:47   ` Josh Triplett
2017-01-23 10:02 ` Alexey Dobriyan
2017-01-23 10:48 ` David Howells
2017-01-23 20:10   ` Andy Lutomirski
     [not found]     ` <c1822e5b-9352-c1ab-ee98-e492ef6e156a@I-love.SAKURA.ne.jp>
2017-01-24 20:58       ` Andy Lutomirski
2017-01-23 20:36   ` David Howells
2017-01-23 20:59     ` Matthew Wilcox
2017-01-23 21:53       ` Andy Lutomirski
2017-01-23 23:26     ` Greg Ungerer
2017-01-23 20:15 ` Christoph Hellwig
2017-01-24  2:38 ` Andy Lutomirski
2017-01-24 10:03   ` Eric W. Biederman
2017-01-24 21:00     ` Andy Lutomirski
2017-01-24 21:55       ` Eric W. Biederman
2017-01-24 10:38   ` Alexey Dobriyan
     [not found]   ` <CAEiveUcTQK84qFNpYoET-cpSXJe0KYtnYQtp0uTPz=z0tc3W9A@mail.gmail.com>
2017-03-07 16:25     ` Andy Lutomirski [this message]
2017-02-02 21:12 ` David Howells

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CALCETrWwTjenAhu6NbhWz91M-UNKBgm-oLWsf1jU0HP8rA-0Vw@mail.gmail.com \
    --to=luto@amacapital.net \
    --cc=gregkh@linuxfoundation.org \
    --cc=jarmour@google.com \
    --cc=ksummit-discuss@lists.linuxfoundation.org \
    --cc=tixxdz@gmail.com \
    --cc=torvalds@linux-foundation.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).