| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20130828190024.GA3691@kroah.com> Date: Wed, 28 Aug 2013 12:00:24 -0700 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: "Eric W. Biederman" <ebiederm@...ssion.com> Cc: Linux Containers <containers@...ts.linux-foundation.org>, "Serge E. Hallyn" <serge@...lyn.com>, linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org, Andy Lutomirski <luto@...capital.net> Subject: Re: [REVIEW][PATCH 2/2] sysfs: Restrict mounting sysfs On Tue, Aug 27, 2013 at 02:46:27PM -0700, Eric W. Biederman wrote: > > Don't allow mounting sysfs unless the caller has CAP_SYS_ADMIN rights > over the net namespace. The principle here is if you create or have > capabilities over it you can mount it, otherwise you get to live with > what other people have mounted. > > Instead of testing this with a straight forward ns_capable call, > perform this check the long and torturous way with kobject helpers, > this keeps direct knowledge of namespaces out of sysfs, and preserves > the existing sysfs abstractions. > > Signed-off-by: "Eric W. Biederman" <ebiederm@...ssion.com> Odd, but makes sense. Acked-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org> -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists