Re: syscall: sys_promote

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, 2005-08-29 at 16:16 +0800, Coywolf Qi Hunt wrote:
> Bernd Petrovitsch wrote:
[...]
> >(almost) every tool may become a security problem.
> >If you fear a bug in sudo, then write a minimal setuid wrapper for
> >yourself which checks for the user it started and exec's a binary (with
> >the full path name specified).
> >And even then - dependent on other details of the setup - you have the
> >gap of security problems (or misuse) because of holes in the security.
> 
> But if we make sure a tool doesn't introduce any new secrutiy problem, 
> that's good enough.

ACK. That's basically the idea behind "write 15 lines of C code and be
absolutely sure that there is no problem in there".

[...]
> >What does the user do if the process terminates (for whatever reason)
> >and must be restarted by the user (manually or auutomatically)?
> 
> If we worry that, we'd make a persistent OS instead.
> 
> >Basically I can see no need for "one time in history" actions. A daemon
> >can terminate and must be restarted (it may even be a software bug that
> >causes this and this doesn't change anything that the daemon's admin
> >must restart it *now*). The machine may reboot for whatever reason .... 
> 
> The US space shuttle certainly can auto pilot, so it doesn't need a 
> control panel.
> And If anything fails, NASA  just launch another ship?

I didn't realize that you are working on (one-time) Space Shuttle
software.
I assumed average servers, services and environment ....

	Bernd
-- 
Firmix Software GmbH                   http://www.firmix.at/
mobil: +43 664 4416156                 fax: +43 1 7890849-55
          Embedded Linux Development and Services

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]
  Powered by Linux