On Wed, 2005-11-09 at 13:15, Miklos Szeredi wrote:
> > Yes there is some contradiction of some sorts on this. private-ness
> > means that the namespace must _not_ be accesible to processes
> > in other namespace. But 'file descriptor sent between two processes in
> > different namespaces' seems to break that guarantee.
>
> So..., are we going to check namespace in every file operation? How
> much do you want to bet, that it won't break any applications?
I don't know. May be there are applications out there that depend on
this. It depends on the definition of private-ness of namespace.
I am just saying that you raise a valid point.
I am not sure if fixing this behavior hurts more or soothes more,
Any idea?
RP
>
> > > Also with ptrace() you can still access other process's namespace, so
> > > proc_check_root() is also too strict (or ptrace() too lax).
> >
> > same here.
>
> You mean, that ptrace() _is_ too lax? Adding a namespace check to
> ptrace might well cause grief too.
>
> The real question is, how private do we want the namespace to be. I
> don't believe, we need to make it any more private than it currently
> is.
>
> Miklos
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]