Re: [RFC][PATCH v3] Unprivileged: Disable raising of privileges

From: Eric W. Biederman
Date: Wed Dec 30 2009 - 16:37:12 EST

Next message: Rafael J. Wysocki: "Re: [Bug #14887] suspend doesn't work on X200s"
Previous message: Eric W. Biederman: "Re: drm_vm.c:drm_mmap: possible circular locking dependency detected (was: Re: Linux 2.6.33-rc2 - Merry Christmas ...)"
In reply to: Alan Cox: "Re: [RFC][PATCH v3] Unprivileged: Disable raising of privileges"
Next in thread: Alan Cox: "Re: [RFC][PATCH v3] Unprivileged: Disable raising of privileges"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Alan Cox <alan@xxxxxxxxxxxxxxxxxxx> writes:

>> Added bprm->nosuid to make remove the need to add
>> duplicate error prone checks. This ensures that
>> the disabling of suid executables is exactly the
>> same as MNT_NOSUID.
>
> Another fine example of why we have security hooks so that we don't get a
> kernel full of other "random security idea of the day" hacks.

Well it comes from plan 9. Except there they just simply did not
implement suid. What causes you to think dropping the ability
to execute suid executables is a random security idea of the day?

Eric
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Rafael J. Wysocki: "Re: [Bug #14887] suspend doesn't work on X200s"
Previous message: Eric W. Biederman: "Re: drm_vm.c:drm_mmap: possible circular locking dependency detected (was: Re: Linux 2.6.33-rc2 - Merry Christmas ...)"
In reply to: Alan Cox: "Re: [RFC][PATCH v3] Unprivileged: Disable raising of privileges"
Next in thread: Alan Cox: "Re: [RFC][PATCH v3] Unprivileged: Disable raising of privileges"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]