Alan Cox wrote:
On Gwe, 2005-08-26 at 19:02 +0800, Coywolf Qi Hunt wrote:
3) admins can `promote' a suspect process instead of killing it.
Is it also generally useful in practice? Thoughts?
The locking is wrong. At the moment the entire kernel assumes that a
process uid is not changed by anyone else. After you've implemented uid
locking/refcounting for tasks you can add the syscall but until then its
not a good idea. I don't think its a good idea anyway - selinux can do
far more useful things.
Indeed. "Also it's not obvious that locking can be done right (or that
anybody cares). "
We can ignore it safely. sys_promote is a different approach from
selinux. sys_promote is to let sysadmin manually manipulate a running
process,
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
|
|