Re: Security issues with local filesystem caching

Ar Iau, 2006-10-26 am 01:32 +0100, ysgrifennodd Al Viro:
> to.  What about access to cache tree by root process that has nothing
> to do with that daemon?  Should it get free access to that stuff, regardless
> of what policy might say about access to cached files?  Or should we at
> least try to make sure that we have the instances in cache no more permissive
> than originals on NFS?

This is already the case however. Root has ptrace, people have /proc
access (even more than before because the chroot check was broken
recently), root has CAP_SYS_RAWIO.


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

References:
- Security issues with local filesystem caching
  - From: David Howells <[email protected]>
- Re: Security issues with local filesystem caching
  - From: Alan Cox <[email protected]>
- Re: Security issues with local filesystem caching
  - From: Al Viro <[email protected]>

Prev by Date: [PATCH 1/5] lock_cpu_hotplug:Redesign - Fix coding style issues in cpufreq.
Next by Date: [PATCH 2/5] lock_cpu_hotplug:Redesign - remove lock_cpu_hotplug from hot-cpu_callback path in cpufreq.
Previous by thread: Re: Security issues with local filesystem caching
Next by thread: Re: Security issues with local filesystem caching
Index(es):
- Date
- Thread

[Index of Archives] [Kernel Newbies] [Netfilter] [Bugtraq] [Photo] [Stuff] [Gimp] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Video 4 Linux] [Linux for the blind] [Linux Resources]