| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 28 Aug 2007 00:20:26 -0700
From: Andrew Morgan <morgan@...nel.org>
To: Adrian Bunk <bunk@...nel.org>,
"Serge E. Hallyn" <serge@...lyn.com>, sds@...ho.nsa.gov
CC: chrisw@...s-sol.org, linux-kernel@...r.kernel.org,
linux-security-module@...r.kernel.org
Subject: Re: [2.6 patch] remove securebits
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Attached is what I consider only an RFC patch.
I've not really thought through (to my satisfaction) the re-purposing of
current->keep_capabilities in the non-filesystem-supporting-capability
configuration, but this is basically the code I'm thinking about. (I'm
typing this email from a system running this patch over 2.6.23-rc3-mm1
so its not 'obviously' broken.)
Adrian Bunk wrote:
>> The user would be userspace...
>>
>> Unless by 'the user' you actually mean the patch itself which will allow
>> the setting of secure_noroot per-process. I don't know for sure, but
>> suspect Andrew might like to wait until file capabilities make it into
>> and stabilize in Linus' tree before going on with that.
>
> That's what I am talking about.
>
> This patch should be submitted and discussed together with the changes
> Andrew has for securebits.
Cheers
Andrew
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
iD8DBQFG08y0QheEq9QabfIRAnUhAKCEHyUko292kULNTkRqQOGki2NohgCdGXvV
bc+bHzBbI6sPimdf4UTAzGY=
=vB0u
-----END PGP SIGNATURE-----
View attachment "0001-Remove-global-securebits-from-the-kernel.patch" of type "text/x-patch" (15925 bytes)
Powered by blists - more mailing lists