lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 14 Mar 2011 22:26:05 -0400 From: James Bottomley <James.Bottomley@...e.de> To: Vasiliy Kulikov <segoon@...nwall.com> Cc: linux-kernel@...r.kernel.org, linux-omap@...r.kernel.org, linux-arm-kernel@...ts.infradead.org, linux-usb@...r.kernel.org, linux-media@...r.kernel.org, platform-driver-x86@...r.kernel.org, acpi4asus-user@...ts.sourceforge.net, rtc-linux@...glegroups.com, linux-scsi@...r.kernel.org, open-iscsi@...glegroups.com, security@...nel.org Subject: Re: [PATCH 00/20] world-writable files in sysfs and debugfs On Sat, 2011-03-12 at 23:23 +0300, Vasiliy Kulikov wrote: > > Vasiliy Kulikov (20): > > mach-ux500: mbox-db5500: world-writable sysfs fifo file > > leds: lp5521: world-writable sysfs engine* files > > leds: lp5523: world-writable engine* sysfs files > > misc: ep93xx_pwm: world-writable sysfs files > > rtc: rtc-ds1511: world-writable sysfs nvram file > > scsi: aic94xx: world-writable sysfs update_bios file > > scsi: iscsi: world-writable sysfs priv_sess file > > These are still not merged :( OK, so I've not been tracking where we are in the dizzying ride on security systems. However, I thought we landed up in the privilege separation arena using capabilities. That means that world writeable files aren't necessarily a problem as long as the correct capabilities checks are in place, right? James -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists