Re: compute_creds fixup in -mm

From: Stephen Smalley
Date: Wed Apr 21 2004 - 13:44:46 EST


On Wed, 2004-04-21 at 14:28, Chris Wright wrote:
> * Stephen Smalley (sds@xxxxxxxxxxxxxx) wrote:
> > I didn't see Chris' patch. I assume that the worst case is unexpected
> > program failure due to lack of capability, right? The SELinux security
>
> The opposite. You'd get a program with non-root euid, but full
> capability set, and AT_SECURE set false. My patch is below.

Sorry, I wasn't clear. I meant the worst case due to the share/ptrace
state check being duplicated in SELinux and in commoncap, as opposed to
being performed once as in Andy's patch.

--
Stephen Smalley <sds@xxxxxxxxxxxxxx>
National Security Agency
