Re: [PATCH 00/22] Introduce credential record

From: Casey Schaufler
Date: Fri Sep 21 2007 - 12:04:47 EST

Next message: David Miller: "Re: [PATCH 1/2] bnx2: factor out gzip unpacker"
Previous message: Paulo Marques: "Re: [PATCH] Reduce __print_symbol/sprint_symbol stack usage. (v3)"
In reply to: David Howells: "Re: [PATCH 00/22] Introduce credential record"
Next in thread: David Howells: "Re: [PATCH 00/22] Introduce credential record"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

--- David Howells <dhowells@xxxxxxxxxx> wrote:

> Casey Schaufler <casey@xxxxxxxxxxxxxxxx> wrote:
>
> > > One thing I'm not certain about is how this should interact with /proc,
> > > which can display some of the stuff in the cred struct. I think it may
> be
> > > necessary to have a real cred pointer and an effective cred pointer, with
> > > the contents of /proc coming from the real, but the effective governing
> > > what actually goes on.
> >
> > I think you want the effective values to show up in /proc.
>
> Perhaps - but bear in mind that in the override case they weren't set by the
> process itself.

They are nonetheless in effect and (heaven forbid) should they be
abused you don't want to hide the facts from concerned observers.

Casey Schaufler
casey@xxxxxxxxxxxxxxxx
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: David Miller: "Re: [PATCH 1/2] bnx2: factor out gzip unpacker"
Previous message: Paulo Marques: "Re: [PATCH] Reduce __print_symbol/sprint_symbol stack usage. (v3)"
In reply to: David Howells: "Re: [PATCH 00/22] Introduce credential record"
Next in thread: David Howells: "Re: [PATCH 00/22] Introduce credential record"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]