Re: [PATCH] exec: Only allow a threaded init to exec from the thread_group_leader

[email protected] (Eric W. Biederman) wrote:
>
>  If process id namespaces become a reality init stops being
>  terribly special, and becomes something you may have several
>  of running at any one time.  If one of those inits is compromised
>  by a hostile user I having the whole system go down so we can
>  avoid executing a cheap test sounds terribly wrong.  That is
>  why I really care.

Wouldn't it be better to do nothing until/unless there's some code in the
kernel or init which actually needs the change?

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Follow-Ups:
- Re: [PATCH] exec: Only allow a threaded init to exec from the thread_group_leader
  - From: Pavel Machek <[email protected]>

References:
- [PATCH] exec: Only allow a threaded init to exec from the thread_group_leader
  - From: [email protected] (Eric W. Biederman)
- Re: [PATCH] exec: Only allow a threaded init to exec from the thread_group_leader
  - From: Andrew Morton <[email protected]>
- Re: [PATCH] exec: Only allow a threaded init to exec from the thread_group_leader
  - From: [email protected] (Eric W. Biederman)

Prev by Date: Re: [PATCH] fbdev: Fix usage of blank value passed to fb_blank
Next by Date: Re: CD writing in future Linux try #2 [ was: Re: CD writing in future Linux (stirring up a hornets' nest) ]
Previous by thread: Re: [PATCH] exec: Only allow a threaded init to exec from the thread_group_leader
Next by thread: Re: [PATCH] exec: Only allow a threaded init to exec from the thread_group_leader
Index(es):
- Date
- Thread

[Index of Archives] [Kernel Newbies] [Netfilter] [Bugtraq] [Photo] [Stuff] [Gimp] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Video 4 Linux] [Linux for the blind] [Linux Resources]