* Manfred Georg ([email protected]) wrote:
>
> On Wed, 8 Jun 2005, Alexander Nyberg wrote:
> >btw since the last discussion was about not changing the existing
> >interface and thus exposing security flaws, what about introducing
> >another prctrl that says maybe PRCTRL_ACROSS_EXECVE?
>
> Wasn't the original inherited set supposed take care of that?
The filesystem part was quite integral to the original intent.
> >Any new user-space applications must understand the implications of
> >using it so it's safe in that aspect. Yes?
>
> As far as I can tell, applying the patch from the earlier discussion
> and setting the inherited set has the same, "I really meant to do this"
> effect as what you propose.
>
> >(yeah it's rather silly since there already is an unused
> >keep_capabilities flag but that would change old interfaces so ok)
>
> Isn't the keep_capabilities flag related to setuid() ? or did I miss
> something.
Yes, it is, but it's tempting to reuse to really keep them. I think
that's the point.
thanks,
-chris
--
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]