On Wed, Apr 26, 2006 at 09:38:02AM -0400, Joshua Brindle wrote:
> Andrea Barisani wrote:
> >Hi folks!
> >
> >I'd like to announce that Systrace is back in the portage tree, it consists
> >of two packages:
> >
> >sys-apps/systrace
> >
> >
> No, remove it.
> >the userspace application that now features a ptrace backend in case the
> >kernel patch is not installed.
> >
> >sys-kernel/systrace-sources
> >
> >this is standard kernel with our base patchset + systrace patch.
> >
> >We are trying to get this in hardened-sources as well, as I said you don't
> >need the kernel patch to try this out, granted that the ptrace backend is
> >much slower and really useful only for testing/debugging purposes, in the
> >long run the patch is the way to go.
> >
> >
> Absolutely not.
> >Testing/feedback is appreciated.
> >
> >
>
> Systrace has a broken security model which allows, among other things,
> privilege escalation. It is our (hardened) opinion that it is harmful to
> security and the cause of hardened. I ask you to remove it. If you don't
> we cannot and will not support it, and will discourage its use among our
> users.
> --
> gentoo-hardened@gentoo.org mailing list
>
*sigh*
I thought that this flamewar was dead. Ok, I kindly ask a hardened team
review of this since I strongly believe this is not an issue, systrace is
*not* a broken security model and yes it allows *controlled* privilege
escalation if you configure it that way for removing the setuid but on some
binaries.
If you have an argument to make please show me the technical details about it
and let's discuss it.
It's *not* part of hardened atm anyway and it won't be unless the hardened
team accepts it. It will remain in the portage tree as long as I support it
unless you show me a clear demonstration of your concerns.
BTW even with your concern the ptrace method (which can be entirely tested
userspace) is still useful for debugging/testing, hence the userspace package
has no reason for going away.
CC'ing systrace author btw (not subscribed to this list).
--
Andrea Barisani <[EMAIL PROTECTED]> .*.
Gentoo Linux Infrastructure Developer V
( )
PGP-Key 0x864C9B9E http://dev.gentoo.org/~lcars/pubkey.asc ( )
0A76 074A 02CD E989 CE7F AC3F DA47 578E 864C 9B9E ^^_^^
"Pluralitas non est ponenda sine necessitate"
--
gentoo-security@gentoo.org mailing list
