| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 14 Jul 2006 09:13:35 -0600 From: ebiederm@...ssion.com (Eric W. Biederman) To: Dave Hansen <haveblue@...ibm.com> Cc: "Serge E. Hallyn" <serue@...ibm.com>, Cedric Le Goater <clg@...ibm.com>, linux-kernel@...r.kernel.org, Andrew Morton <akpm@...l.org>, Kirill Korotaev <dev@...nvz.org>, Andrey Savochkin <saw@...ru>, Herbert Poetzl <herbert@...hfloor.at>, Sam Vilain <sam.vilain@...alyst.net.nz> Subject: Re: [PATCH -mm 5/7] add user namespace Dave Hansen <haveblue@...ibm.com> writes: > On Thu, 2006-07-13 at 21:45 -0600, Eric W. Biederman wrote: >> I think for filesystems like /proc and /sys that there will normally >> be problems. However many of those problems can be rationalized away >> as a reasonable optimization, or are not immediately apparent. > > Could you talk about some of these problems? Already mentioned but. rw permissions on sensitive files are for uid == 0. No capability checks are performed. >> Passing a file descriptor between process in a unix domain socket is >> a case where I can easily construct scenarios where there are >> indisputable problems. It is one of my standard thought experiments >> to see if a namespace is sound. > > Care to share some of those indisputable problems? Already done. Eric - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists