[rsbac] Re: rsbac 1.2.3
Amon Ott
ao at rsbac.org
Wed Jun 30 09:18:01 CEST 2004
On Tuesday, 29 June 2004 18:49, spender at grsecurity.net wrote:
> > I am looking forward to your bug reports. BTW, does this root user require
> > specific Linux caps to break out of the jail? Only asking, I have no
> > details yet.
>
> No capabilities are required. The one method you've already solved in
> one way but don't realize/know that there are multiple ways to perform
> the same filesystem actions.
Thank you for the details, which you also gave me off-list. I acknowledge
that you really did find vulnerabilities, the consequence of which was
difficult for me to see without having any details.
I will fix those bugs that I can find and make an official bugfix
announcement on this list, and certainly I will give you due credit in the
description.
> > Right, good point. In some cases these sockets might have been useful to
> > access info outside the jail. This has been fixed after spotting the bug.
>
> Not only access, but inject arbitrary data into the stream, possibly
> causing a compromise of the application outside the jail, depending on
> its implementation.
This is a consequence which was not clear to me when finally finding the
bug.
> I guess my problem is that you choose not to differentiate between bugs
> and vulnerabilities. As a security conscious user, I would be very
> afraid of that. I believe that using 'bug' dilutes the importance of
> the matter and better describes some harmless thing in an interface
> where a user couldn't select a certain option, or something of the sort.
> I just don't think that most people, when they hear that there were
> bugfixes in a certain release will immediately think "fixed exploitable
> vulnerabilities." So I think the best thing for users, to urge them to
> update to these newer releases, is to call a bug a vulnerability if it
> is so, like in this case. But if your definition of bug is a
> vulnerability, then that's fine. I just think it's confusing and
> misleading to the users.
The general term in RSBAC has always been "bug", but there can be various
levels of severity. My estimation of the severity of these bugs was
different from yours, because I thought that it would require a lot of
extra knowledge to compromise a process outside the jail, which cannot
easily be seen in the first place. From previous bugfix announcements you
can see that I generally ask people to apply the fix ASAP, if I believe
the bug to be dangerous.
You have a point that people might have used version 1.2.2 JAIL module
without other modules, which leaves the system less protected than it
should be. My personal view of "good RSBAC practice" with additional RC
model encapsulation is probably not general practice.
We should settle the discussion here. I have stated before that I believe
you are doing great work on GRSecurity, and I never doubted your skill and
knowledge. It was only the way things happened that made me (and you)
angry.
Amon.
--
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22