1 |
On Wed, Apr 26, 2006 at 09:38:02AM -0400, Joshua Brindle wrote: |
2 |
> Andrea Barisani wrote: |
3 |
> >Hi folks! |
4 |
> > |
5 |
> >I'd like to announce that Systrace is back in the portage tree, it consists |
6 |
> >of two packages: |
7 |
> > |
8 |
> >sys-apps/systrace |
9 |
> > |
10 |
> > |
11 |
> No, remove it. |
12 |
> >the userspace application that now features a ptrace backend in case the |
13 |
> >kernel patch is not installed. |
14 |
> > |
15 |
> >sys-kernel/systrace-sources |
16 |
> > |
17 |
> >this is standard kernel with our base patchset + systrace patch. |
18 |
> > |
19 |
> >We are trying to get this in hardened-sources as well, as I said you don't |
20 |
> >need the kernel patch to try this out, granted that the ptrace backend is |
21 |
> >much slower and really useful only for testing/debugging purposes, in the |
22 |
> >long run the patch is the way to go. |
23 |
> > |
24 |
> > |
25 |
> Absolutely not. |
26 |
> >Testing/feedback is appreciated. |
27 |
> > |
28 |
> > |
29 |
> |
30 |
> Systrace has a broken security model which allows, among other things, |
31 |
> privilege escalation. It is our (hardened) opinion that it is harmful to |
32 |
> security and the cause of hardened. I ask you to remove it. If you don't |
33 |
> we cannot and will not support it, and will discourage its use among our |
34 |
> users. |
35 |
> -- |
36 |
> gentoo-hardened@g.o mailing list |
37 |
> |
38 |
|
39 |
*sigh* |
40 |
|
41 |
I thought that this flamewar was dead. Ok, I kindly ask a hardened team |
42 |
review of this since I strongly believe this is not an issue, systrace is |
43 |
*not* a broken security model and yes it allows *controlled* privilege |
44 |
escalation if you configure it that way for removing the setuid but on some |
45 |
binaries. |
46 |
|
47 |
If you have an argument to make please show me the technical details about it |
48 |
and let's discuss it. |
49 |
|
50 |
It's *not* part of hardened atm anyway and it won't be unless the hardened |
51 |
team accepts it. It will remain in the portage tree as long as I support it |
52 |
unless you show me a clear demonstration of your concerns. |
53 |
|
54 |
BTW even with your concern the ptrace method (which can be entirely tested |
55 |
userspace) is still useful for debugging/testing, hence the userspace package |
56 |
has no reason for going away. |
57 |
|
58 |
CC'ing systrace author btw (not subscribed to this list). |
59 |
|
60 |
-- |
61 |
Andrea Barisani <lcars@g.o> .*. |
62 |
Gentoo Linux Infrastructure Developer V |
63 |
( ) |
64 |
PGP-Key 0x864C9B9E http://dev.gentoo.org/~lcars/pubkey.asc ( ) |
65 |
0A76 074A 02CD E989 CE7F AC3F DA47 578E 864C 9B9E ^^_^^ |
66 |
"Pluralitas non est ponenda sine necessitate" |
67 |
-- |
68 |
gentoo-security@g.o mailing list |