[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <533105.53764.qm@web36610.mail.mud.yahoo.com>
Date: Fri, 21 Sep 2007 09:04:37 -0700 (PDT)
From: Casey Schaufler <casey@...aufler-ca.com>
To: David Howells <dhowells@...hat.com>, casey@...aufler-ca.com
Cc: dhowells@...hat.com, viro@....linux.org.uk, hch@...radead.org,
Trond.Myklebust@...app.com, sds@...ho.nsa.gov,
linux-kernel@...r.kernel.org, selinux@...ho.nsa.gov,
linux-security-module@...r.kernel.org
Subject: Re: [PATCH 00/22] Introduce credential record
--- David Howells <dhowells@...hat.com> wrote:
> Casey Schaufler <casey@...aufler-ca.com> wrote:
>
> > > One thing I'm not certain about is how this should interact with /proc,
> > > which can display some of the stuff in the cred struct. I think it may
> be
> > > necessary to have a real cred pointer and an effective cred pointer, with
> > > the contents of /proc coming from the real, but the effective governing
> > > what actually goes on.
> >
> > I think you want the effective values to show up in /proc.
>
> Perhaps - but bear in mind that in the override case they weren't set by the
> process itself.
They are nonetheless in effect and (heaven forbid) should they be
abused you don't want to hide the facts from concerned observers.
Casey Schaufler
casey@...aufler-ca.com
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists