| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 23 Feb 2015 10:47:01 -0600 (CST) From: Christoph Lameter <cl@...ux.com> To: Andy Lutomirski <luto@...capital.net> cc: Serge Hallyn <serge.hallyn@...ntu.com>, Serge Hallyn <serge.hallyn@...onical.com>, Aaron Jones <aaronmdjones@...il.com>, Ted Ts'o <tytso@....edu>, LSM List <linux-security-module@...r.kernel.org>, Andrew Morton <akpm@...uxfoundation.org>, "Andrew G. Morgan" <morgan@...nel.org>, Mimi Zohar <zohar@...ux.vnet.ibm.com>, Austin S Hemmelgarn <ahferroin7@...il.com>, Markku Savela <msa@...h.iki.fi>, Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, Linux API <linux-api@...r.kernel.org>, Michael Kerrisk <mtk.manpages@...il.com>, Jonathan Corbet <corbet@....net> Subject: Re: [PATCH] capabilities: Ambient capability set V1 On Mon, 23 Feb 2015, Andy Lutomirski wrote: > Is there really a need to drop privilege and then regain it or is it > sufficient to keep the privilege permitted (and perhaps ambient, too) > and just to have execve not drop it for you? I assume the latter. I would think just keep the ambient set active as long as there is no prctl switching the cap off in the child processes. Do not let it be affected by the usual drop privs stuff. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists