Re: RFC: disablenetwork facility. (v4)

From: Eric W. Biederman
Date: Tue Dec 29 2009 - 23:29:48 EST


"Serge E. Hallyn" <serue@xxxxxxxxxx> writes:

>> In common cap we drop the new capabilities if we are being ptraced.
>> Look for bprm->unsafe.
>
> Yes - that isn't the issue.

Right. Sorry. I saw that we set unsafe and totally
missed that we don't act on it in that case.

> It goes back to finding a way to figure out what is inside the
> file when the installer obviously thought we shouldn't be able
> to read the file.
>
> Do we care? <shrug>

<shrug>

I expect two lines of testing bprm->unsafe and failing
at the right point would solve that.

Eric
