Re: [PATCH v2] kernel: Conditionally support non-root users, groups and capabilities

[Paul E. McKenney]

On Fri, Jan 30, 2015 at 10:56:14PM +0100, Richard Weinberger wrote:
> On Fri, Jan 30, 2015 at 10:40 PM, Josh Triplett <josh@xxxxxxxxxxxxxxxx> wrote:
> > *Today*, Linux is a challenging choice for a tiny embedded system.
> > We're trying to fix that.
> 
> Can you please more specific about the embedded systems exactly you're
> talking about?
> 
> I find this patch rather controversial as it removes a lot of security.
> Embedded systems *are* a target for all kind of attacks.
> Misguided embedded engineers will abuse this feature and produce even more
> weak targets.

Without this patch, those same engineers would simply run everything as
root.  "Make a foolproof system, and they will invent a better fool".  ;-)

							Thanx, Paul

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/