Re: compute_creds fixup in -mm

From: Chris Wright
Date: Wed Apr 21 2004 - 13:59:57 EST


* Stephen Smalley (sds@xxxxxxxxxxxxxx) wrote:
> On Wed, 2004-04-21 at 14:28, Chris Wright wrote:
> > * Stephen Smalley (sds@xxxxxxxxxxxxxx) wrote:
> > > I didn't see Chris' patch. I assume that the worst case is unexpected
> > > program failure due to lack of capability, right? The SELinux security
> >
> > The opposite. You'd get a program with non-root euid, but full
> > capability set, and AT_SECURE set false. My patch is below.
>
> Sorry, I wasn't clear. I meant the worst case due to the share/ptrace
> state check being duplicated in SELinux and in commoncap, as opposed to
> being performed once as in Andy's patch.

Ah, indeed.

thanks,
-chris
--
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net