| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20130920163043.GN7729@decadent.org.uk>
Date: Fri, 20 Sep 2013 17:30:44 +0100
From: Ben Hutchings <ben@...adent.org.uk>
To: David Miller <davem@...emloft.net>
Cc: jslaby@...e.cz, akpm@...ux-foundation.org, jeffm@...e.com,
netdev@...r.kernel.org, isdn4linux@...pen.de, isdn@...ux-pingi.de,
sergei.shtylyov@...entembedded.com
Subject: Re: [patch 2/4] mISDN: add support for group membership check
On Fri, Sep 20, 2013 at 12:21:42PM -0400, David Miller wrote:
> From: Jiri Slaby <jslaby@...e.cz>
> Date: Fri, 20 Sep 2013 18:18:02 +0200
>
> > Ok, let's leave the hole in there then.
>
> Jiri, don't turn this on me.
>
> The issue is not whether something needs to be fixed or not, I never
> said "don't fix this" and therefore I'd like to ask politely that you
> not make it seem like I have.
>
> Rather, I'm saying that the implementation is terrible, sets a bad
> precendence for fixing similar problems, and therefore not is in
> a state where we can apply it.
>
> So, I'm not saying "don't fix this", I'm saying "fix it properly."
I think Jiri's last suggestion was to add the capability check to
device renaming (which I think everyone agrees is needed) and not
to add any group identity checks for any operation.
Isn't that fixing it properly?
Ben.
--
Ben Hutchings
We get into the habit of living before acquiring the habit of thinking.
- Albert Camus
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists