torvalds@transmeta.com (Linus Torvalds) wrote on 27.08.00 in <Pine.LNX.4.10.10008272054590.11428-100000@penguin.transmeta.com>:
> On Sun, 27 Aug 2000, Alexander Viro wrote:
> >
> > Linus, there is no need in new mask for execve().
>
> What you're saying is "there are other ways to accomplish this". And I
> kind of agree. I still think the dynamic mask is the preferable option.
>
> > We have two actions:
> > 1. create a VM set up according to the contents of binary
>
> Sure. Another ELF marker, whatever. It would work, and probably cover the
> needs. Especially as "the needs" aren't that big, as this has actually
> never come up except as a theoretical discussion ;).
Just don't forget that some of this unsharing may be necessary for
security reasons. Specifically, when you execve() a suid program, you
probably should automatically unshare everything.
MfG Kai
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Thu Aug 31 2000 - 21:00:28 EST