| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20060917211602.GA6215@clipper.ens.fr>
Date: Sun, 17 Sep 2006 23:16:02 +0200
From: David Madore <david.madore@....fr>
To: Joshua Brindle <method@...too.org>
Cc: Pavel Machek <pavel@....cz>, Alan Cox <alan@...rguk.ukuu.org.uk>,
Linux Kernel mailing-list <linux-kernel@...r.kernel.org>,
LSM mailing-list <linux-security-module@...r.kernel.org>
Subject: Re: [PATCH 3/4] security: capabilities patch (version 0.4.4), part 3/4: introduce new capabilities
On Sun, Sep 17, 2006 at 04:39:16PM -0400, Joshua Brindle wrote:
> The benefits of this are so minuscule and the cost is so high if you are
> ever to use it that it simply won't happen..
I'm withdrawing that patch anyway, in favor of a LSM-style approach,
the "cuppabilities" module (cf. the patch I posted a couple of hours
ago with that word in the title, and I'll be posting a new version in
a day or so, or cf. <URL:
http://www.madore.org/~david/linux/cuppabilities/
>). In this case, the relative cost will be lower since the
security_ops->inode_permission() hook is called no matter what.
But I agree that the value of restricting open() is very dubious and
it was intended mostly as a demonstration. So if there is strong
opposition to this sort of thing, I'll remove it.
Happy hacking,
--
David A. Madore
(david.madore@....fr,
http://www.madore.org/~david/ )
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists