* Andy Lutomirski: > On Wed, Jun 26, 2019 at 9:45 AM Florian Weimer <fweimer@xxxxxxxxxx> wrote: >> >> * Andy Lutomirski: >> >> > Can’t an ELF note be done with some more or less ordinary asm such >> > that any link editor will insert it correctly? >> >> We've just been over this for the CET enablement. ELF PT_NOTE parsing >> was rejected there. > > No one told me this. Unless I missed something, the latest kernel > patches still had PT_NOTE parsing. Can you point me at an > enlightening thread or explain what happened? The ABI was changed rather late, and PT_GNU_PROPERTY has been added. But this is okay because the kernel only looks at the dynamic loader, which we can update fairly easily. The thread is: Subject: Re: [PATCH v7 22/27] binfmt_elf: Extract .note.gnu.property from an ELF file <87blyu7ubf.fsf@xxxxxxxxxxxxxxxxxxxxxxxxx> is a message reference in it. >> > The problem with a personality flag is that it needs to have some kind >> > of sensible behavior for setuid programs, and getting that right in a >> > way that doesn’t scream “exploit me” while preserving useful >> > compatibility may be tricky. >> >> Are restrictive personality flags still a problem with user namespaces? >> I think it would be fine to restrict this one to CAP_SYS_ADMIN. > > We could possibly get away with this, but now we're introducing a > whole new mechanism. I'd rather just add proper per-namespace > sysctls, but this is a pretty big hammer. Oh, I wasn't aware of that. I thought that this already existed in some form, e.g. prctl with PR_SET_SECCOMP requiring CAP_SYS_ADMIN unless PR_SET_NO_NEW_PRIVS was active as well. Thanks, Florian
