Re: [RFC][PATCH v3] Unprivileged: Disable raising of privileges

From: Pavel Machek
Date: Fri Jan 01 2010 - 05:29:01 EST

Next message: Eric W. Biederman: "Re: RFC: disablenetwork facility. (v4)"
Previous message: KOSAKI Motohiro: "[PATCH] mm, lockdep: annotate reclaim context to zone reclaim too"
Next in thread: Alan Cox: "Re: [RFC][PATCH v3] Unprivileged: Disable raising of privileges"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> > Added bprm->nosuid to make remove the need to add
> > duplicate error prone checks. This ensures that
> > the disabling of suid executables is exactly the
> > same as MNT_NOSUID.
>
> Another fine example of why we have security hooks so that we don't get a
> kernel full of other "random security idea of the day" hacks.

well... new unshare functionality depends on this. if unshare is
important enough, this may not be lsm.

(and disablenetwork *should* depend on this)
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Eric W. Biederman: "Re: RFC: disablenetwork facility. (v4)"
Previous message: KOSAKI Motohiro: "[PATCH] mm, lockdep: annotate reclaim context to zone reclaim too"
Next in thread: Alan Cox: "Re: [RFC][PATCH v3] Unprivileged: Disable raising of privileges"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]