| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 1 Jan 2010 14:46:29 +0000 From: Alan Cox <alan@...rguk.ukuu.org.uk> To: daw-news@...erner.cs.berkeley.edu (David Wagner) Cc: linux-kernel@...r.kernel.org Subject: Re: [RFC][PATCH v3] Unprivileged: Disable raising of privileges On Thu, 31 Dec 2009 17:55:27 +0000 (UTC) daw@...berkeley.edu (David Wagner) wrote: > Alan Cox wrote: > >Removing specific features from a specific piece of code > >generally isn't a security feature - > > You lost me there. The ability of a specific piece of code to voluntarily > relinquish privileges can be a big benefit to security. Can be - but its historically been an endless source of bugs and flaws because the code being run after you take the rights away is being run in an environment it didn't expect and wasn't tested in. >From inanities like setting the file size limit to 0 and running passwd blanking the password file (SGI Irix) to closing file handle 0 or setting cpu quotas to make a forked daemon process die unexpectedly the list is endless. Alan -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists