Re: [PATCH] Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs

From: John Johansen
Date: Fri Jan 13 2012 - 08:45:27 EST


On 01/13/2012 03:12 AM, Andy Lutomirski wrote:
> With this set, a lot of dangerous operations (chroot, unshare, etc)
> become a lot less dangerous because there is no possibility of
> subverting privileged binaries.
>
> This patch completely breaks apparmor. Someone who understands (and
> uses) apparmor should fix it or at least give me a hint.
>

This should fix apparmor

---