Re: [RFC][PATCH v3] Unprivileged: Disable raising of privileges

From: Eric W. Biederman
Date: Thu Dec 31 2009 - 13:41:25 EST

Next message: Thanasis: "Re: [gentoo-user] RAM installed vs reported"
Previous message: Linus Torvalds: "Re: Ubuntu 32-bit, 32-bit PAE, 64-bit Kernel Benchmarks"
In reply to: Eric W. Biederman: "Re: [RFC][PATCH v3] Unprivileged: Disable raising of privileges"
Next in thread: Serge E. Hallyn: "Re: [RFC][PATCH v3] Unprivileged: Disable raising of privileges"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

"Andrew G. Morgan" <morgan@xxxxxxxxxx> writes:

> Since there is already independent support for disabling file
> capabilities (the privilege escalation part), I see these two
> mechanisms as separable.

I guess there is something that resembles support for disabling
privilege escalation. The problem is that it requires privilege to
use it.

I have no problem with expressing this in a fine grained manner internally
to the kernel but the user space interface needs to be atomic so that
we can enable this all without privilege.

Further I may be off but I think the implementation would be more
challenging than what I have already posted. That doesn't mean it
won't be more useful long term.

Eric
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Thanasis: "Re: [gentoo-user] RAM installed vs reported"
Previous message: Linus Torvalds: "Re: Ubuntu 32-bit, 32-bit PAE, 64-bit Kernel Benchmarks"
In reply to: Eric W. Biederman: "Re: [RFC][PATCH v3] Unprivileged: Disable raising of privileges"
Next in thread: Serge E. Hallyn: "Re: [RFC][PATCH v3] Unprivileged: Disable raising of privileges"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]