lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <4B958D7F.1030900@redhat.com>
Date:	Mon, 08 Mar 2010 18:51:27 -0500
From:	Rik van Riel <riel@...hat.com>
To:	Linus Torvalds <torvalds@...ux-foundation.org>
CC:	Alan Cox <alan@...rguk.ukuu.org.uk>, Ingo Molnar <mingo@...e.hu>,
	James Morris <jmorris@...ei.org>, linux-kernel@...r.kernel.org,
	Kyle McMartin <kyle@...artin.ca>,
	Alexander Viro <viro@....linux.org.uk>
Subject: Re: Upstream first policy

On 03/08/2010 06:37 PM, Linus Torvalds wrote:

> That's an example of non-pathname-based security, where you actually mark
> the content itself restricted some way. It's very naturally done with
> labels on the inode itself. It's what UNIX has _always_ done
>
> Nobody has ever suggested removing that. That would be crazy.

It is quite clear that the content based security
protects the content from being manipulated by
processes that should not be able to do so.

However, what is unclear to me is ...

> But that thing is _independent_ from the other totally unrelated issue,
> namely the fact that "/etc/passwd" is a special name in the namespace. In
> other words, there is "content security", but then there is also
> "namespace security".

... what exactly does the namespace security protect against?

What is the threat model that the namespace security protects
against, which is not protected by the content based security?

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ