| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <ac3eb2510905130609g10043215xfc391658f7d151b3@mail.gmail.com> Date: Wed, 13 May 2009 15:09:27 +0200 From: Kay Sievers <kay.sievers@...y.org> To: Stephen Smalley <sds@...ho.nsa.gov> Cc: "David P. Quigley" <dpquigl@...ho.nsa.gov>, Greg KH <greg@...ah.com>, linux-kernel@...r.kernel.org, Greg KH <gregkh@...e.de>, Jan Blunck <jblunck@...e.de>, James Morris <jmorris@...ei.org>, Eric Paris <eparis@...isplace.org>, David Howells <dhowells@...hat.com> Subject: Re: [patch 00/13] devtmpfs patches On Wed, May 13, 2009 at 14:57, Stephen Smalley <sds@...ho.nsa.gov> wrote: >> Ok, good, will do that. Anything like this to keep in mind when >> creating/removing simple subdirectories? > > Yes, any time you call any vfs helper (and thus are subject to the > permission checking calls, both DAC and LSM/SELinux), you need to decide > whether you truly want those permission checks to get applied against > the current process' credentials or whether you should be using > alternate credentials for the call. Yeah, I see. I'll wrap the entire operation in the swapped credentials, which should be the best option anyway. Thanks a lot, Kay -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists