Re: [PATCH v2] kernel: Conditionally support non-root users, groups and capabilities

[Richard Weinberger]

Am 01.02.2015 um 00:30 schrieb Paul E. McKenney:
> On Fri, Jan 30, 2015 at 10:56:14PM +0100, Richard Weinberger wrote:
>> On Fri, Jan 30, 2015 at 10:40 PM, Josh Triplett <josh@xxxxxxxxxxxxxxxx> wrote:
>>> *Today*, Linux is a challenging choice for a tiny embedded system.
>>> We're trying to fix that.
>>
>> Can you please more specific about the embedded systems exactly you're
>> talking about?
>>
>> I find this patch rather controversial as it removes a lot of security.
>> Embedded systems *are* a target for all kind of attacks.
>> Misguided embedded engineers will abuse this feature and produce even more
>> weak targets.
> 
> Without this patch, those same engineers would simply run everything as
> root.  "Make a foolproof system, and they will invent a better fool".  ;-)

Luckily many services will run as non-root by default and some even refuse to
run as root. :-)

Thanks,
//richard
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/