| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 08 Mar 2010 18:51:27 -0500 From: Rik van Riel <riel@...hat.com> To: Linus Torvalds <torvalds@...ux-foundation.org> CC: Alan Cox <alan@...rguk.ukuu.org.uk>, Ingo Molnar <mingo@...e.hu>, James Morris <jmorris@...ei.org>, linux-kernel@...r.kernel.org, Kyle McMartin <kyle@...artin.ca>, Alexander Viro <viro@....linux.org.uk> Subject: Re: Upstream first policy On 03/08/2010 06:37 PM, Linus Torvalds wrote: > That's an example of non-pathname-based security, where you actually mark > the content itself restricted some way. It's very naturally done with > labels on the inode itself. It's what UNIX has _always_ done > > Nobody has ever suggested removing that. That would be crazy. It is quite clear that the content based security protects the content from being manipulated by processes that should not be able to do so. However, what is unclear to me is ... > But that thing is _independent_ from the other totally unrelated issue, > namely the fact that "/etc/passwd" is a special name in the namespace. In > other words, there is "content security", but then there is also > "namespace security". ... what exactly does the namespace security protect against? What is the threat model that the namespace security protects against, which is not protected by the content based security? -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists