| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 16 Apr 2014 12:21:49 -0400 From: Tejun Heo <tj@...nel.org> To: Simo Sorce <ssorce@...hat.com> Cc: Andy Lutomirski <luto@...capital.net>, David Miller <davem@...emloft.net>, Vivek Goyal <vgoyal@...hat.com>, Daniel Walsh <dwalsh@...hat.com>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, lpoetter@...hat.com, cgroups@...r.kernel.org, kay@...hat.com, Network Development <netdev@...r.kernel.org> Subject: Re: [PATCH 2/2] net: Implement SO_PASSCGROUP to enable passing cgroup path Hello, On Wed, Apr 16, 2014 at 12:13:57PM -0400, Simo Sorce wrote: > The only one that *may* be reasonable is the "secret" cgroup name one, > however nobody seem to come up with a reason why it is legitimate to > allow to keep cgroup names secret. Ugh, please don't play security games with cgroup names. It is one of the identifying properties of a task, like a pid, and will be used in other parts of the kernel to match groups of tasks. If we play security peekaboo with cgroup names, it has to be transitive and puts burdens on all its future uses. Unless there are *REALLY* strong rationales, which can also justify hiding pids, this isn't happening. Thanks. -- tejun -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists