Re: PATCH: signals security

Rik van Riel (
Fri, 22 May 1998 12:01:13 +0200 (MET DST)

On Fri, 22 May 1998, Alexander Kjeldaas wrote:

> > Exporting it in /proc probably _is_ a good idea.
> > You can just disallow access to other users and
> > return zero when p->euid!=p->uid.
> Exporting cap_used is a good idea. I still don't think exporting
> cap_dirty is a good idea since you have to know that none of the bits
> in cap_dirty were tainted in a process whose euid!=current->euid.

We should probably make the cap_dirty only readable to
someone with uid=p->euid or uid=0. My idea about not
exporting the cap_dirty on an uid change was a really
bad one, now I think about it some more :)

| Linux: - LinuxHQ MM-patches page | Scouting webmaster |
| - kswapd ask-him & complain-to guy | Vries cubscout leader |
| | <> |

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to