From: Florian Mickler <florian@mickler.org>
To: linux-kernel@vger.kernel.org
Subject: Re: Upstream first policy
Date: Tue, 9 Mar 2010 16:16:11 +0100 [thread overview]
Message-ID: <20100309161611.1833523b@schatten.dmk.lab> (raw)
In-Reply-To: <7e0fb38c1003081518o7cddd121wa9c363a4e8211115@mail.gmail.com>
On Mon, 8 Mar 2010 18:18:21 -0500
Eric Paris <eparis@parisplace.org> wrote:
> You do realize that with content based security systems the pathnames
> aren't important and you could implement your example patch? Sure a
> user could mount something on /lib and put their own files there, but
> since that user couldn't get them labelled correctly the suid app
> would not be able to use them and would fail. Users would have new
> and interesting way to break their computers!
but isn't that why a pathname based protect of /lib would be better? so
that users couldn't break their system?
>I thank you for your
> vote for content based security systems instead of pathname systems
> and look forward to your future contributions to either that body of
> knowledge or the bridging of the gap between the two *smile*
>
> -Eric
i interpret it not this way. but i'm an amateur securita :)
cheers,
Flo
next prev parent reply other threads:[~2010-03-09 17:15 UTC|newest]
Thread overview: 51+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-03-07 21:23 Upstream first policy James Morris
2010-03-07 21:31 ` Linus Torvalds
2010-03-07 21:36 ` Linus Torvalds
2010-03-08 9:46 ` Ingo Molnar
2010-03-08 17:30 ` Alan Cox
2010-03-08 18:08 ` Linus Torvalds
2010-03-08 18:45 ` Al Viro
2010-03-08 18:53 ` Al Viro
2010-03-08 18:59 ` Linus Torvalds
2010-03-08 19:15 ` Linus Torvalds
2010-03-08 19:17 ` Alan Cox
2010-03-08 19:32 ` Linus Torvalds
2010-03-09 0:48 ` Kyle McMartin
2010-03-08 21:20 ` Chris Adams
2010-03-08 19:18 ` Al Viro
2010-03-09 1:18 ` Luca Barbieri
2010-03-09 1:25 ` Al Viro
2010-03-09 1:51 ` Luca Barbieri
2010-03-09 1:55 ` Al Viro
2010-03-09 2:09 ` Luca Barbieri
2010-03-08 19:08 ` Alan Cox
2010-03-08 19:18 ` Linus Torvalds
2010-03-08 19:27 ` Alan Cox
2010-03-08 19:34 ` Linus Torvalds
2010-03-09 7:29 ` Ingo Molnar
2010-03-09 8:46 ` Dave Airlie
2010-03-09 14:58 ` Ulrich Drepper
2010-03-08 23:02 ` Eric W. Biederman
2010-03-08 23:18 ` Eric Paris
2010-03-09 15:16 ` Florian Mickler [this message]
2010-03-09 22:49 ` Alan Cox
2010-03-11 3:52 ` Eric W. Biederman
2010-03-08 22:12 ` Ulrich Drepper
2010-03-08 23:12 ` Eric Paris
2010-03-08 23:21 ` Linus Torvalds
2010-03-08 23:18 ` Rik van Riel
2010-03-08 23:37 ` Linus Torvalds
2010-03-08 23:51 ` Rik van Riel
2010-03-09 0:10 ` Linus Torvalds
2010-03-09 3:26 ` Casey Schaufler
2010-03-09 3:58 ` Linus Torvalds
2010-03-09 13:09 ` Samir Bellabes
2010-03-09 0:15 ` Al Viro
2010-03-09 0:48 ` Al Viro
2010-03-09 1:49 ` Linus Torvalds
2010-03-09 2:05 ` Al Viro
2010-03-09 2:18 ` Linus Torvalds
2010-03-23 13:59 ` Pavel Machek
[not found] <elwcV-406-1@gated-at.bofh.it>
[not found] ` <elHL4-42q-5@gated-at.bofh.it>
[not found] ` <elP5U-6Ku-29@gated-at.bofh.it>
[not found] ` <elPyV-7zE-7@gated-at.bofh.it>
[not found] ` <elQbE-8ll-7@gated-at.bofh.it>
[not found] ` <elQv0-vu-13@gated-at.bofh.it>
[not found] ` <elQEG-Hn-33@gated-at.bofh.it>
2010-03-08 19:40 ` James Kosin
-- strict thread matches above, loose matches on Subject: below --
2010-03-04 18:39 [git pull] drm request 3 Jesse Barnes
2010-03-04 18:51 ` Linus Torvalds
2010-03-04 18:56 ` Jesse Barnes
2010-03-04 19:08 ` Linus Torvalds
2010-03-04 19:25 ` Dave Airlie
2010-03-04 20:01 ` Linus Torvalds
2010-03-04 22:06 ` Dave Airlie
2010-03-05 0:08 ` Linus Torvalds
2010-03-05 0:28 ` Ben Skeggs
2010-03-05 0:41 ` Linus Torvalds
2010-03-05 1:19 ` Upstream first policy Kyle McMartin
2010-03-05 1:28 ` Linus Torvalds
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20100309161611.1833523b@schatten.dmk.lab \
--to=florian@mickler.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.