Re: Security issues with local filesystem caching

From: Alan Cox
Date: Thu Oct 26 2006 - 06:52:30 EST

Next message: Gautham R Shenoy: "[PATCH 2/5] lock_cpu_hotplug:Redesign - remove lock_cpu_hotplug from hot-cpu_callback path in cpufreq."
Previous message: Gautham R Shenoy: "[PATCH 1/5] lock_cpu_hotplug:Redesign - Fix coding style issues in cpufreq."
In reply to: Al Viro: "Re: Security issues with local filesystem caching"
Next in thread: David Howells: "Re: Security issues with local filesystem caching"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Ar Iau, 2006-10-26 am 01:32 +0100, ysgrifennodd Al Viro:
> to. What about access to cache tree by root process that has nothing
> to do with that daemon? Should it get free access to that stuff, regardless
> of what policy might say about access to cached files? Or should we at
> least try to make sure that we have the instances in cache no more permissive
> than originals on NFS?

This is already the case however. Root has ptrace, people have /proc
access (even more than before because the chroot check was broken
recently), root has CAP_SYS_RAWIO.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Gautham R Shenoy: "[PATCH 2/5] lock_cpu_hotplug:Redesign - remove lock_cpu_hotplug from hot-cpu_callback path in cpufreq."
Previous message: Gautham R Shenoy: "[PATCH 1/5] lock_cpu_hotplug:Redesign - Fix coding style issues in cpufreq."
In reply to: Al Viro: "Re: Security issues with local filesystem caching"
Next in thread: David Howells: "Re: Security issues with local filesystem caching"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]