change coming with maverick's 2.6.34-5 kernels

Kees Cook kees at ubuntu.com
Tue Jun 1 22:13:35 BST 2010


On Tue, Jun 01, 2010 at 06:42:40PM +0100, Matthew Garrett wrote:
> On Tue, Jun 01, 2010 at 10:38:02AM -0700, Kees Cook wrote:
> > On Tue, Jun 01, 2010 at 06:26:34PM +0100, Matthew Garrett wrote:
> > > So set it with pam_cap, and then hand it back to individual applications 
> > > with a policy?
> > 
> > Presently there isn't a middle-ground between CAP_SYS_PTRACE (of all
> > processes) and "PTRACE of my processes".
> 
> Yes, but I don't think that's the distinction you need to provide the 
> security you want - and doing it this way avoids unexpectedly breaking 
> developer applications.

This discussion ended up on IRC, but to give a quick summary for those
following this mailing list thread, IIUC:

CAP_SYS_PTRACE can't be used because it imparts too much power, and
fine-grained LSM policy can't be used, at least with AppArmor, since it
lacks a sense of "default policy".

-Kees

-- 
Kees Cook
Ubuntu Security Team


