Re: 2.6.6-mm1

From: Christoph Hellwig
Date: Mon May 10 2004 - 16:39:12 EST


> +hugetlb_shm_group-sysctl-patch.patch
>
> Add /proc/sys/vm/hugetlb_shm_group: this holds the group ID of users who may
> allocate hugetlb shm segments without CAP_IPC_LOCK. For Oracle.
>
> +mlock_group-sysctl.patch
>
> /proc/sys/vm/mlock_group: group ID of users who can do mlock() without
> CAP_IPC_LOCK. Not sure that we need this.

These two just introduced a subtle behaviour change during stable series,
possibly (not likely) leading to DoS opportunities from applications running
as gid 0. Really, with capabilities first and now selinux we have moved
away from treating uid 0 special, so introducing special casing of a gid
now is more than just braindead.
