| 1 |
On Wed, Apr 26, 2006 at 09:38:02AM -0400, Joshua Brindle wrote: |
| 2 |
> Andrea Barisani wrote: |
| 3 |
> >Hi folks! |
| 4 |
> > |
| 5 |
> >I'd like to announce that Systrace is back in the portage tree, it consists |
| 6 |
> >of two packages: |
| 7 |
> > |
| 8 |
> >sys-apps/systrace |
| 9 |
> > |
| 10 |
> > |
| 11 |
> No, remove it. |
| 12 |
> >the userspace application that now features a ptrace backend in case the |
| 13 |
> >kernel patch is not installed. |
| 14 |
> > |
| 15 |
> >sys-kernel/systrace-sources |
| 16 |
> > |
| 17 |
> >this is standard kernel with our base patchset + systrace patch. |
| 18 |
> > |
| 19 |
> >We are trying to get this in hardened-sources as well, as I said you don't |
| 20 |
> >need the kernel patch to try this out, granted that the ptrace backend is |
| 21 |
> >much slower and really useful only for testing/debugging purposes, in the |
| 22 |
> >long run the patch is the way to go. |
| 23 |
> > |
| 24 |
> > |
| 25 |
> Absolutely not. |
| 26 |
> >Testing/feedback is appreciated. |
| 27 |
> > |
| 28 |
> > |
| 29 |
> |
| 30 |
> Systrace has a broken security model which allows, among other things, |
| 31 |
> privilege escalation. It is our (hardened) opinion that it is harmful to |
| 32 |
> security and the cause of hardened. I ask you to remove it. If you don't |
| 33 |
> we cannot and will not support it, and will discourage its use among our |
| 34 |
> users. |
| 35 |
> -- |
| 36 |
> gentoo-hardened@g.o mailing list |
| 37 |
> |
| 38 |
|
| 39 |
*sigh* |
| 40 |
|
| 41 |
I thought that this flamewar was dead. Ok, I kindly ask a hardened team |
| 42 |
review of this since I strongly believe this is not an issue, systrace is |
| 43 |
*not* a broken security model and yes it allows *controlled* privilege |
| 44 |
escalation if you configure it that way for removing the setuid but on some |
| 45 |
binaries. |
| 46 |
|
| 47 |
If you have an argument to make please show me the technical details about it |
| 48 |
and let's discuss it. |
| 49 |
|
| 50 |
It's *not* part of hardened atm anyway and it won't be unless the hardened |
| 51 |
team accepts it. It will remain in the portage tree as long as I support it |
| 52 |
unless you show me a clear demonstration of your concerns. |
| 53 |
|
| 54 |
BTW even with your concern the ptrace method (which can be entirely tested |
| 55 |
userspace) is still useful for debugging/testing, hence the userspace package |
| 56 |
has no reason for going away. |
| 57 |
|
| 58 |
CC'ing systrace author btw (not subscribed to this list). |
| 59 |
|
| 60 |
-- |
| 61 |
Andrea Barisani <lcars@g.o> .*. |
| 62 |
Gentoo Linux Infrastructure Developer V |
| 63 |
( ) |
| 64 |
PGP-Key 0x864C9B9E http://dev.gentoo.org/~lcars/pubkey.asc ( ) |
| 65 |
0A76 074A 02CD E989 CE7F AC3F DA47 578E 864C 9B9E ^^_^^ |
| 66 |
"Pluralitas non est ponenda sine necessitate" |
| 67 |
-- |
| 68 |
gentoo-security@g.o mailing list |
Archives