| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20090416162910.GA20736@us.ibm.com> Date: Thu, 16 Apr 2009 11:29:10 -0500 From: "Serge E. Hallyn" <serue@...ibm.com> To: Alexey Dobriyan <adobriyan@...il.com> Cc: Oren Laadan <orenl@...columbia.edu>, Dave Hansen <dave@...ux.vnet.ibm.com>, xemul@...allels.com, containers@...ts.linux-foundation.org, mingo@...e.hu, linux-kernel@...r.kernel.org, hch@...radead.org, akpm@...ux-foundation.org, torvalds@...ux-foundation.org Subject: Re: CAP_SYS_ADMIN on restart(2) Quoting Alexey Dobriyan (adobriyan@...il.com): > > What Alexey wants, I believe, is for users to be able to not have > > to worry about there being exploitable bugs in restart(2) which > > unprivileged users can play with. And for the usual distro-kernel > > reasons, saying use 'CONFIG_CHECKPOINT=n' is not an option. > > This is correct, yes. If I would be a sysadmin who knows a bit about > kernel internals, I'd never trust restart(2) to get it right. Now I suppose what we could do is define a new CAP_SYS_RESTART capability and require that. Then the admin to whom I'm trying to cater could simply 'capset cap_sys_restart=pe /bin/restart'. Then all users could use restart without being granted the extra privilege implied by CAP_SYS_ADMIN. -serge -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists