Re: [linux-usb-devel] Re: [Security] [vendor-sec] [BUG/PATCH/RFC]Oops while completing async USB via usbdevio

From: Linus Torvalds
Date: Fri Sep 30 2005 - 14:27:45 EST

Next message: Al Viro: "Re: kernel cross-toolchain (Gentoo)"
Previous message: Peter Zijlstra: "Re: [PATCH 3/7] CART - an advanced page replacement policy"
In reply to: Chris Wright: "Re: [linux-usb-devel] Re: [Security] [vendor-sec] [BUG/PATCH/RFC] Oops while completing async USB via usbdevio"
Next in thread: Chris Wright: "Re: [linux-usb-devel] Re: [Security] [vendor-sec] [BUG/PATCH/RFC] Oops while completing async USB via usbdevio"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 30 Sep 2005, Chris Wright wrote:
>
> Sorry, I missed the thread up to this, but this looks fundamentally
> broken. The kill_proc_info_as_uid() idea is not sufficient because more
> than uid/euid are needed for permission check. There's capabilities and
> security labels.

Not for this particular USB use, there isn't. Since you can only send a
signal to yourself anyway, the uid/euid check is just testing that you're
still who you were.

Linus
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Al Viro: "Re: kernel cross-toolchain (Gentoo)"
Previous message: Peter Zijlstra: "Re: [PATCH 3/7] CART - an advanced page replacement policy"
In reply to: Chris Wright: "Re: [linux-usb-devel] Re: [Security] [vendor-sec] [BUG/PATCH/RFC] Oops while completing async USB via usbdevio"
Next in thread: Chris Wright: "Re: [linux-usb-devel] Re: [Security] [vendor-sec] [BUG/PATCH/RFC] Oops while completing async USB via usbdevio"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]