From: Alyssa Ross
To: Demi Marie Obenour
Subject: Re: [PATCH] host/rootfs: Set no_new_privs in PID 1
In-Reply-To: <20251205-no-new-privs-v1-1-56cbdf7de44f@gmail.com>
References: <20251205-no-new-privs-v1-1-56cbdf7de44f@gmail.com>
Date: Mon, 08 Dec 2025 22:19:20 +0100
Message-ID: <87jyywllif.fsf@alyssa.is>
CC: Spectrum OS Development
List-Id: Patches and low-level development discussion

Demi Marie Obenour writes:

> This prevents any program on the host from gaining privileges via
> execve(), ever. There are currently no such programs on the host so
> this should be a no-op for now.
>
> Signed-off-by: Demi Marie Obenour
> ---
> host/rootfs/image/etc/init | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/host/rootfs/image/etc/init b/host/rootfs/image/etc/init
> index 4085fa55545e7309004967e443e47fc2b82b0663..e9938acec866045962a8ead096d199cbd3792469 100755
> --- a/host/rootfs/image/etc/init
> +++ b/host/rootfs/image/etc/init
> @@ -2,4 +2,4 @@
>  # SPDX-License-Identifier: EUPL-1.2+
>  # SPDX-FileCopyrightText: 2022 Alyssa Ross
>  
> -/bin/s6-linux-init -c /etc/s6-linux-init -s /run/param -- $@
> +/usr/bin/setpriv --no-new-privs -- /bin/s6-linux-init -c /etc/s6-linux-init -s /run/param -- $@

Looks good, but it's a standard chainloader interface so should be on its
own line. I'll fix that when I commit.
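Review bot: the new "+" line still forwards PID 1's arguments as an unquoted $@; since the only purpose of this line is to hand those arguments to s6-linux-init unchanged, it should be "$@" so that word splitting and pathname expansion cannot alter them (the removed line had the same problem, and this rewrite is the natural place to fix it). The line also adds a hard dependency on /usr/bin/setpriv at the very front of the PID 1 exec chain: if the host rootfs image does not ship that binary, init fails before s6-linux-init is ever reached, so the image build should be checked for it and the commit message should say where it comes from. Because --no-new-privs is set this early, every descendant of PID 1 inherits the flag, and anything later added to the host that relies on setuid bits or file capabilities will execute without gaining them; the "no-op for now" caveat from the commit message is worth preserving as a comment beside this line so that future additions to the host are made with that in mind.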