| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 20 Apr 2010 11:11:55 -0400 From: Andrew Lutomirski <luto@....edu> To: "Serge E. Hallyn" <serue@...ibm.com> Cc: Stephen Smalley <sds@...ho.nsa.gov>, linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org, Eric Biederman <ebiederm@...ssion.com>, "Andrew G. Morgan" <morgan@...nel.org> Subject: Re: [PATCH 0/3] Taming execve, setuid, and LSMs On Tue, Apr 20, 2010 at 10:35 AM, Serge E. Hallyn <serue@...ibm.com> wrote: >> >> True, but I think it's still asking for trouble -- other LSMs could >> (and almost certainly will, especially the out-of-tree ones) do >> something, and I think that any action at all that an LSM takes in the >> bprm_set_creds hook for a nosuid (or whatever it's called) process is >> wrong or at best misguided. > > I could be wrong, but I think the point is that your reasoning is > correct, and that the same reasoning must apply if we're just > executing a file out of an fs which has been mounted with '-o nosuid'. I tend to agree, except that only root can set nosuid (presumably) and making that change will change existing behavior. Is that a problem? --Andy -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists