| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CA+55aFw20W9L8HV+VbTRNeQQM-_+aeUhvT9AAod5LGfb-7hE9g@mail.gmail.com>
Date: Mon, 26 Aug 2013 11:07:54 -0700
From: Linus Torvalds <torvalds@...ux-foundation.org>
To: Al Viro <viro@...iv.linux.org.uk>
Cc: Andy Lutomirski <luto@...capital.net>, Willy Tarreau <w@....eu>,
"security@...nel.org" <security@...nel.org>,
Ingo Molnar <mingo@...nel.org>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
Oleg Nesterov <oleg@...hat.com>,
Linux FS Devel <linux-fsdevel@...r.kernel.org>,
Brad Spengler <spender@...ecurity.net>
Subject: Re: [PATCH v2] vfs: Tighten up linkat(..., AT_EMPTY_PATH)
On Mon, Aug 26, 2013 at 10:37 AM, Linus Torvalds
<torvalds@...ux-foundation.org> wrote:
>
> I'm playing with a patch that then in addition to the ptrace check
> *also* requires that the file was opened with the same credentials as
> the follower _or_ the task being followed. I'll see if that works out.
Chrome sandboxing still _works_ with the attached patch, but there's a
few audit messages about the sandbox being denied dac_read_search. And
I'm really not very happy with this anyway.
So I'm going to send it out (using email to archive things and see if
anybody has any comments), and then forget about it.
Linus
Download attachment "patch.diff" of type "application/octet-stream" (1592 bytes)
Powered by blists - more mailing lists