| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20120330195652.GM1892@moon> Date: Fri, 30 Mar 2012 23:56:52 +0400 From: Cyrill Gorcunov <gorcunov@...nvz.org> To: Kees Cook <keescook@...omium.org> Cc: "Serge E. Hallyn" <serge@...lyn.com>, Serge Hallyn <serge.hallyn@...onical.com>, Oleg Nesterov <oleg@...hat.com>, "Eric W. Biederman" <ebiederm@...ssion.com>, LKML <linux-kernel@...r.kernel.org>, Andrew Morton <akpm@...ux-foundation.org>, Pavel Emelyanov <xemul@...allels.com> Subject: Re: [rfc] fcntl: Add F_GETOWNER_UIDS option On Fri, Mar 30, 2012 at 12:46:51PM -0700, Kees Cook wrote: > >> > >> I meant the dumper. Yes, at moment f_get/setown requires no privileges > >> but I'm not sure if uid/euid is same or less sensible information > >> than pid, that's why I though CAP_FOWNER might be worth to add, no? > > > > Hmm, I would say no, but that might be a good question for kees. > > > > IMO it's not sensitive information and so no sense requiring privilege > > (and encouraging handing out of extra privilage to get at the info) > > Nothing jumps out at me about just seeing uid/euid. Everything can be > construed as an information leak, but this don't seem like something > that needs special protection. OK, thanks Kees. Cyrill -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists