> > That's a great indication of why securelevels aren't.
> It pretty much fits the Linux model of "once you're root, you can do
> anything". The POSIX Capabilities really don't help either.
> I suppose SELinux might be able to help, but I don't care to get into
> that discussion here ;-)

And there is the root exploit found by Coverity this week too:
http://news.yahoo.com/s/zd/20060502/tc_zd/177195

X is multiple megabytes of code needlessly running as root. If we could convince X to use device drivers to talk to the hardware it wouldn't need to run as root. This is part of why I am against this patch, it is another crutch to let X keep on running as root instead of fixing the underlying problem.

That root hole is weeks old by now, just got to Yahoo today. What you say is true, however we can't just turn all the things in Linux off that make X run as root, and then say go fix X we don't care. There are steps to be taken, unfortunately they are neither pretty nor can be done really quickly....

Dave.