| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <cfd18e0f1003132118y21bd71band2d07ae85c8d4c9@mail.gmail.com> Date: Sun, 14 Mar 2010 06:18:50 +0100 From: Michael Kerrisk <mtk.manpages@...glemail.com> To: "Serge E. Hallyn" <serue@...ibm.com> Cc: James Morris <jmorris@...ei.org>, lkml <linux-kernel@...r.kernel.org>, SELinux <selinux@...ho.nsa.gov>, linux-security-module@...r.kernel.org, Stephen Smalley <sds@...ch.ncsc.mil>, Kees Cook <kees.cook@...onical.com>, Andrew Morgan <morgan@...nel.org>, "Christopher J. PeBenito" <cpebenito@...sys.com>, Eric Paris <eparis@...isplace.org> Subject: Re: [PATCH] Define CAP_SYSLOG > There is one downside to this patch: If some site or distro currently > has syslogd/whatever running as a non-root user with cap_sys_admin+pe, > then it will need to be changed to run with cap_syslog+pe. I don't > know if there are such sites, or if that concern means we should take > a different approach to introducing this change, or simply refuse this > change. *If* this is a problem, would the way to address it not be to permit syslog if the caller has *either* CAP_SYS_ADMIN or CAP_SYSLOG? (The only weakness I see in this idea is that it fails to lighten the hugely overlaoded CAP_SYS_ADMIN.) Cheers, Michael -- Michael Kerrisk Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/ Author of "The Linux Programming Interface" http://blog.man7.org/ -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists