Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
kdbus in the kernel
View unanswered posts
View posts from last 24 hours

Goto page Previous  1, 2, 3 ... 21, 22, 23 ... 25, 26, 27  Next  
Reply to topic    Gentoo Forums Forum Index Kernel & Hardware
View previous topic :: View next topic  
Author Message
Naib
Watchman
Watchman


Joined: 21 May 2004
Posts: 5625
Location: Removed by Neddy

PostPosted: Fri Jul 17, 2015 9:52 am    Post subject: Reply with quote

Anon-E-moose wrote:


And quite frankly their attitude and lies are reasons for not having (k)dbus in the kernel.
Its a reason to be suspicious and drive closer review, but as a reason not to include it... dangerous territory, bordering on discrimination and thus opening the door for a coup.
_________________
The best argument against democracy is a five-minute conversation with the average voter
Great Britain is a republic, with a hereditary president, while the United States is a monarchy with an elective king
Back to top
View user's profile Send private message
gwr
Apprentice
Apprentice


Joined: 19 Nov 2014
Posts: 194

PostPosted: Fri Jul 17, 2015 11:18 am    Post subject: Reply with quote

From here: http://article.gmane.org/gmane.linux.kernel/1993918
Quote:
I wish we could, but we can't break programs that are currently running
today, that would be pretty mean.

thanks,

greg k-h


This is really cherry-picking an argument. As if it wouldn't be mean to consciously give them an insecure protocol. Or a second-rate one.

This "once crap, always crap" argument is bogus. Software migrates to new APIs every day. In fact, they expect hundreds of maintainers and developers to migrate to systemd every day.
Back to top
View user's profile Send private message
mv
Watchman
Watchman


Joined: 20 Apr 2005
Posts: 6281

PostPosted: Fri Jul 17, 2015 11:31 am    Post subject: Reply with quote

gwr wrote:
Software migrates to new APIs every day.

Except for the kernel where it is a declared policy not to, and for a good reason. This is IMHO the main non-technical reason why kdbus has nothing lost in the kernel: The (almost explicitly stated) intention of the kdbus developers is to violate this kernel policy continuously in the future.
Back to top
View user's profile Send private message
gwr
Apprentice
Apprentice


Joined: 19 Nov 2014
Posts: 194

PostPosted: Fri Jul 17, 2015 11:39 am    Post subject: Reply with quote

mv wrote:
gwr wrote:
Software migrates to new APIs every day.

Except for the kernel where it is a declared policy not to, and for a good reason. This is IMHO the main non-technical reason why kdbus has nothing lost in the kernel: The (almost explicitly stated) intention of the kdbus developers is to violate this kernel policy continuously in the future.


You can make new APIs without changing old ones.
Back to top
View user's profile Send private message
steveL
Watchman
Watchman


Joined: 13 Sep 2006
Posts: 5153
Location: The Peanut Gallery

PostPosted: Fri Jul 17, 2015 1:54 pm    Post subject: Reply with quote

Anon-E-moose wrote:
Indeed, the whole we can't change the inside of the code and leave the interface (API/ABi) alone is complete and utter BS.

I'm not quite following the grammar, only the sense there ;)

Those guys wouldn't know an ABI guarantee if it slapped them in the face, afaic.
Quote:
And quite frankly their attitude and lies are reasons for not having (k)dbus in the kernel.

Agreed; anyone who thinks provenance is irrelevant, is essentially a nub imo, with no experience of the real-world.

Or we'd all still be stuck on Windows®, dreaming of a better way to use our computers.
grw wrote:
[ Greg-KH] is really cherry-picking an argument. As if it wouldn't be mean to consciously give them an insecure protocol. Or a second-rate one.

Indeed; though he sounds like an affable sort of guy, doesn't he, and who wants to be mean..

That kind of psychobabble is fine^W legal in an advertisement (making people feel socially pressured is practically de-rigeur) but fundamentally flawed when it comes to a technical discussion.

But then, this is a propaganda campaign, carried out over "new" media, aimed at establishing RedHat as equivalent to Microsoft when it comes to buying Linux; not a process aimed at getting the best results for users.
That's the last thing on any of the Poeterring cabal's minds afaic, or we wouldn't have been subjected to so many breakages for so little benefit (I'd count it as negative) over the last 5-7 years.
Back to top
View user's profile Send private message
mv
Watchman
Watchman


Joined: 20 Apr 2005
Posts: 6281

PostPosted: Fri Jul 17, 2015 4:49 pm    Post subject: Reply with quote

gwr wrote:
You can make new APIs without changing old ones

Yes, you can, but it means that you have to carry on the old API forever. I doesn't seem that this the intention of the kdbus developers (especially since, if I understood correctly, they desire to implement security issues in their first API attempts for compatibility with dbus1).
Back to top
View user's profile Send private message
ulenrich
Veteran
Veteran


Joined: 10 Oct 2010
Posts: 1374

PostPosted: Sat Jul 25, 2015 7:12 pm    Post subject: Reply with quote

mv wrote:
gwr wrote:
You can make new APIs without changing old ones

Yes, you can, but it means that you have to carry on the old API forever. I doesn't seem that this the intention of the kdbus developers (especially since, if I understood correctly, they desire to implement security issues in their first API attempts for compatibility with dbus1).

Yes, they carry the old api of dbus1 for compatibility. @mv, you criticized polkit use regarding dbus some months ago for exactly these flaws? Question for me as a new user of kdbus (thanks to Gentoo early adoption): Would kdbus respect any such an invocation of kdbus with a faked user from another user? @mv, can you tell a testing example?
_________________
fun2gen2
Back to top
View user's profile Send private message
mv
Watchman
Watchman


Joined: 20 Apr 2005
Posts: 6281

PostPosted: Sat Jul 25, 2015 9:15 pm    Post subject: Reply with quote

ulenrich wrote:
@mv, you criticized polkit use regarding dbus some months ago for exactly these flaws?

No, I criticized polkit by its mere existence: The idea to have a complex daemon running to nihilate UNIX permissions is completely broken. Whether the attack finally succeeds over a dbus race or some other backdoor - such a complex thing with an embeeded interpreter will always have some - plays no role. It is impossible to fix such a fundamentally flawed concept.
Back to top
View user's profile Send private message
miroR
l33t
l33t


Joined: 05 Mar 2008
Posts: 826

PostPosted: Sun Jul 26, 2015 12:46 am    Post subject: Reply with quote

There is a red marked sentence point in this forum thread, which is incomprehensible, at around:

(this same topic)
https://forums.gentoo.org/viewtopic-t-1004624-start-475.html#7769446

mv wrote:
ulenrich wrote:
your red marked sentence is insinuating a motivation

Yeah, it was too aggressive. It is now removed.

While I agree that this might have been kind and humble to do by mv, can you guys now give some explanation to the reading public what that red marked sentence was about?
A big portion of that page is, now that line was removed, incomplete and incomprehensive talk, because the reading public can only be guessing what you people meant at that point, since that "red marked sentence" is mentioned in quite a few places.

EDIT: 2015-08-13 09:10+02:00
I only care for the general public to have easier reading, and not be driven away. It's also fine for me, it not being corrected, as you can see below, mv replied to this post. Just, it's better thinking about future readers when one deletes things. Thanks!
EDIT END

And you are suggested as:

Ignorant Guru's Blog wrote:
a good read for catching up on the sensationalized push to put kdbus into the kernel


and rightly so, it's really worth it, from places such as:

[IgnorantGuru's Blog]
kdbus: systemd’s Kid Cousin Come To Stay (No, Not PID 1, In Your Kernel, Silly)
[[ same address as in the quote ]]
https://igurublog.wordpress.com/2015/05/04/kdbus-systemds-kid-cousin-come-to-stay/
(find the link under: "This Gentoo forum thread").

Can some of you correct that incomprehensiveness? (no, not for me, forget me, for the reading public; and no, not in the next post below, but where that red marked sentence is, on page 20, probably, or even 19 --lost the track myself)

Thank you in advance!


Last edited by miroR on Thu Aug 13, 2015 7:13 am; edited 1 time in total
Back to top
View user's profile Send private message
Perfect Gentleman
l33t
l33t


Joined: 18 May 2014
Posts: 799

PostPosted: Sun Jul 26, 2015 4:18 am    Post subject: Reply with quote

i've enabled kdbus in kernel. may i disable/uninstall dbus?
Back to top
View user's profile Send private message
mv
Watchman
Watchman


Joined: 20 Apr 2005
Posts: 6281

PostPosted: Sun Jul 26, 2015 6:27 am    Post subject: Reply with quote

miroR wrote:
There is a red marked sentence point in this forum thread, which is incomprehensible

I removed the sentence for a reason. It contributed no new facts and does not help to understand something better. I do not want to repeat it.
Back to top
View user's profile Send private message
tclover
Guru
Guru


Joined: 10 Apr 2011
Posts: 516

PostPosted: Sun Jul 26, 2015 8:46 am    Post subject: Reply with quote

Perfect Gentleman wrote:
i've enabled kdbus in kernel. may i disable/uninstall dbus?

Do whatever you want with those crap bus and open new threads when appropriate for support (to avoid spamming and trolling here.) -- This is *not* a support thread in case you did not notice.

Thanks.
_________________
home/:mkinitramfs-ll/:supervision/:e-gtk-theme/:overlay/
Back to top
View user's profile Send private message
Naib
Watchman
Watchman


Joined: 21 May 2004
Posts: 5625
Location: Removed by Neddy

PostPosted: Sun Jul 26, 2015 9:01 am    Post subject: Reply with quote

Perfect Gentleman wrote:
i've enabled kdbus in kernel. may i disable/uninstall dbus?
no, only systemd makes use of kdbus
_________________
The best argument against democracy is a five-minute conversation with the average voter
Great Britain is a republic, with a hereditary president, while the United States is a monarchy with an elective king
Back to top
View user's profile Send private message
ulenrich
Veteran
Veteran


Joined: 10 Oct 2010
Posts: 1374

PostPosted: Sun Jul 26, 2015 1:00 pm    Post subject: Reply with quote

Naib wrote:
Perfect Gentleman wrote:
i've enabled kdbus in kernel. may i disable/uninstall dbus?
no, only systemd makes use of kdbus
@Naib, you may well have a decisive opinion of things you don't know nothin' about. But don't contradict yourself: How should the only user systemd fake a wrong identity? Such would be a self-deception of systemD but not a security issue.

@mv, I am just thinking about the fake identity case, I get two in my mind:
1. user2user exploit:
UserB fakes identity of UserA and gets able to start something in the session of UserA.
2. system exploit case:
UserA has extended admin rights on a system. UserB has not but fakes UserA identity and is able to issue system commands.

As this is about dbus1 compatibility of kdbus, is this exploitation possible using traditional dbus?
_________________
fun2gen2
Back to top
View user's profile Send private message
Naib
Watchman
Watchman


Joined: 21 May 2004
Posts: 5625
Location: Removed by Neddy

PostPosted: Sun Jul 26, 2015 1:58 pm    Post subject: Reply with quote

In what way was what I wrote wrong?
Right now systemd is the only thing geared up to make use of kdbus. All those nice dbus applications cannot speak via kdbus
_________________
The best argument against democracy is a five-minute conversation with the average voter
Great Britain is a republic, with a hereditary president, while the United States is a monarchy with an elective king
Back to top
View user's profile Send private message
mv
Watchman
Watchman


Joined: 20 Apr 2005
Posts: 6281

PostPosted: Sun Jul 26, 2015 2:10 pm    Post subject: Reply with quote

ulenrich wrote:
As this is about dbus1 compatibility of kdbus, is this exploitation possible using traditional dbus?

I do not spend time looking for exploits, but when I think about the huge list of races which I had collected in a few hours and posted somewhere in this forum some weeks/months ago (which were not only in systmed but in many other consumers of dbus) I would be surprised if such exploits were not possible. Simply, I do not want to spend all of my time looking for bugs and/or hoping that the developers find these always quicker than any hacker: If I wanted this, I could use windows as well. I prefer to have a system for which it is rather unlikely to contain any critical security vulnerability at all. With policykit, it is impossible to have such a system, with classical unix permissions it is not a big deal.
Back to top
View user's profile Send private message
saellaven
Guru
Guru


Joined: 23 Jul 2006
Posts: 508

PostPosted: Sun Jul 26, 2015 3:37 pm    Post subject: Reply with quote

mv wrote:
ulenrich wrote:
As this is about dbus1 compatibility of kdbus, is this exploitation possible using traditional dbus?

I do not spend time looking for exploits, but when I think about the huge list of races which I had collected in a few hours and posted somewhere in this forum some weeks/months ago (which were not only in systmed but in many other consumers of dbus) I would be surprised if such exploits were not possible. Simply, I do not want to spend all of my time looking for bugs and/or hoping that the developers find these always quicker than any hacker: If I wanted this, I could use windows as well. I prefer to have a system for which it is rather unlikely to contain any critical security vulnerability at all. With policykit, it is impossible to have such a system, with classical unix permissions it is not a big deal.


What we're looking at is a design flaw in security.

It's like having a locked door with an open window next to it because your design specs say that there always has to be an open window next to the lock. You can redesign that lock all you want in an effort to improve it's security. You could even theoretically make the lock impossible to open and yet someone can still just enter through the window.

kdbus, being a completely new IPC method, could have removed the prior design flaw... but instead, they chose to keep it in. Anyone reviewing the code knows full well that it is a fundamental flaw in design, though apparently the kdbus devs weren't insightful enough to see that themselves. Rather than take the time to fix the design now before it becomes widely used, the solution is to just keep it there and hope nobody ever comes along and hops through the open window.

Much of the rest of the systemd/freedesktop.org stack is full of these types of things because it's amateur hour over there. They have an agenda and the agenda has nothing to do with security. The worst part, is they are all intentionally interconnected and linked into code executing in PID1, meaning that open window next to the lock could easily lead right inside your bank vault (because a vault has a lock too). Unfortunately, distro maintainers, in an effort to do as little work as possible, largely jumped on board, leaving us in the situation where these people will have domain over the majority of Linux boxes in the future. It's going to bring the same vulnerabilities that Microsoft brought, where again, security was always an afterthought, and you might as well just mark every kdbussystemd pwned going forward.
Back to top
View user's profile Send private message
ulenrich
Veteran
Veteran


Joined: 10 Oct 2010
Posts: 1374

PostPosted: Sun Jul 26, 2015 10:15 pm    Post subject: Reply with quote

With kdbus in the kernel the big Linux companies will sell their customers a special feature: The employees of the customers get a large window of privilege escalation. It is to show: Everyone can be the boss everywhere.
I would like to see this feature in business :)
But maybe there is just a fool on the hill looking down the valley ...
_________________
fun2gen2


Last edited by ulenrich on Sun Jul 26, 2015 10:37 pm; edited 1 time in total
Back to top
View user's profile Send private message
ct85711
Veteran
Veteran


Joined: 27 Sep 2005
Posts: 1696

PostPosted: Sun Jul 26, 2015 10:26 pm    Post subject: Reply with quote

They will probably call this a race condition requiring polkit to monitor the kernel that's monitoring everything else (including polkit).
Back to top
View user's profile Send private message
gwr
Apprentice
Apprentice


Joined: 19 Nov 2014
Posts: 194

PostPosted: Tue Jul 28, 2015 3:10 pm    Post subject: Reply with quote

ct85711 wrote:
They will probably call this a race condition requiring polkit to monitor the kernel that's monitoring everything else (including polkit).


Mexican standoff.
Back to top
View user's profile Send private message
Naib
Watchman
Watchman


Joined: 21 May 2004
Posts: 5625
Location: Removed by Neddy

PostPosted: Thu Aug 06, 2015 7:27 pm    Post subject: Reply with quote

There seems to be a kdbus USE flag on the kernel now...
_________________
The best argument against democracy is a five-minute conversation with the average voter
Great Britain is a republic, with a hereditary president, while the United States is a monarchy with an elective king
Back to top
View user's profile Send private message
baaann
Guru
Guru


Joined: 23 Jan 2006
Posts: 548
Location: uk

PostPosted: Fri Aug 07, 2015 8:36 pm    Post subject: Reply with quote

Naib wrote:
There seems to be a kdbus USE flag on the kernel now...


Mike Pagano is following the Gentoo philosophy of offering choice and adds a disclaimer
Quote:
NOTE: This is not some kind of Gentoo endorsement of kdbus. Nor is it a Mike Pagano endorsement of kdbus
Back to top
View user's profile Send private message
steveL
Watchman
Watchman


Joined: 13 Sep 2006
Posts: 5153
Location: The Peanut Gallery

PostPosted: Sun Aug 09, 2015 8:35 am    Post subject: Reply with quote

I thought Gentoo wasn't about choice any more, and Linux has never been about choice, or at least that's what I swore I read at least a few times on the developer ML.

Apparently it's about choice when Poeterring et al's work is up for inclusion, and thereafter it's not; or something.

Note: I'm fine with the option. I just wish the last sentence didn't describe so much of what I see happening.
Back to top
View user's profile Send private message
Anon-E-moose
Advocate
Advocate


Joined: 23 May 2008
Posts: 3956
Location: Dallas area

PostPosted: Mon Aug 10, 2015 10:14 am    Post subject: Reply with quote

Yamakuzure wrote:
Naib wrote:
popcorn time.

An NSA employee has waded into the mess that is KDBUS

http://lkml.iu.edu/hypermail/linux/kernel/1507.1/01758.html

It appears KDBUS has the ability to fake credentials because a solution for all the userland DBUS applications had to be found :)
I'd like to read all those, but http://lkml.iu.edu/hypermail/ is emtpy. (and all links go 404)


They've been back up since the 1st of the month (some problem on their end)


Edit to add: It was working fine for the last few days, but it seems a little flaky today. *shrugs*
_________________
Asus m5a99fx, FX 8320 - nouveau, oss4, rx550 for qemu passthrough
Acer laptop E5-575, i3-7100u - i965, alsa
---both---
5.0.13 zen kernel, profile 17.0 (no-pie) amd64-no-multilib
gcc 8.2.0, eudev, openrc, openbox, palemoon
Back to top
View user's profile Send private message
Anon-E-moose
Advocate
Advocate


Joined: 23 May 2008
Posts: 3956
Location: Dallas area

PostPosted: Mon Aug 10, 2015 8:15 pm    Post subject: Reply with quote

From the "kdbus: to merge or not to merge?" thread on lkml. https://lkml.org/lkml/2015/8/10/693

Quote:
Anyway, the real issue for me here is that Andy is reporting all these
actual real problems that happen in practice, and the developer
replies are dismissing them on totally irrelevant grounds ("this
should be equivalent to something entirely different that nobody ever
does" or "well, people could opt out, even if they didn't" yadda yadda
yadda).

For example, the whole "tasks X and Y communicate over shmem" is
irrelevant. Normally, when people write those kinds of applications,
they are just regular applications. If they have issues, nobody else
cares. Andy's concern is about one of X/Y being a system daemon and
tricking it into doing bad things ends up effectively killing the
system - whether the *kernel* is alive or not and did the right thing
is almost entirely immaterial.

So please. When Andy sends a bug report with a exploit that kills his
system, just stop responding with irrelevant theoretical arguments. It
is not appropriate. Instead, acknowledge the problem and work on
fixing it, none of this "but but but it's all the same" crap.

Linus


And yet another person noticing that the (k)dbus devs are just dismissing any and all criticisms.
At this rate, Linus may just decide to have them on the same footing as BFS, which is NOT included in the kernel, but the patches are easy to apply.
_________________
Asus m5a99fx, FX 8320 - nouveau, oss4, rx550 for qemu passthrough
Acer laptop E5-575, i3-7100u - i965, alsa
---both---
5.0.13 zen kernel, profile 17.0 (no-pie) amd64-no-multilib
gcc 8.2.0, eudev, openrc, openbox, palemoon
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Kernel & Hardware All times are GMT
Goto page Previous  1, 2, 3 ... 21, 22, 23 ... 25, 26, 27  Next
Page 22 of 27

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum