From: Andy Lutomirski <luto@stanford.edu>
To: Stephen Smalley <sds@epoch.ncsc.mil>, Andrew Morton <akpm@osdl.org>
Cc: Chris Wright <chrisw@osdl.org>,
luto@myrealbox.com, lkml <linux-kernel@vger.kernel.org>
Subject: Re: capabilitiescompute_cred
Date: Sat, 03 Apr 2004 17:41:55 +0200
Message-ID: <406EDB43.6030401@stanford.edu>
In-Reply-To: <1080942432.28777.109.camel@moss-spartans.epoch.ncsc.mil>
Stephen Smalley wrote:
> On Fri, 2004-04-02 at 15:21, Andy Lutomirski wrote:
>
>>I agree in principle, but it would still be nice to have a simple way to
>>have useful capabilities without setting up a MAC system. I don't see a
>>capabilities fix adding any significant amount of code; it just takes
>>some effort to get it right.
>
>
> I'm not opposed to making the existing capability logic more useable; I
> just think that capabilities will ultimately be superseded by TE.
>
>
>>You can find my attempts to get it right in the
>>linux-kernel archives, and I'll probably try to get something into 2.7
>>when it forks. With or without MAC, having a functioning capability
>>system wouldn't hurt security.
>
>
> Does revising the capability logic need to wait on 2.7? Have you
> changed the logic significantly since the last patch you posted to lkml?
>
I don't _think_ it's changed, but I'll double-check that in a few days
(I'm out of town). I'll also rediff my patch. Should it be a config
option?

Anyway, I have no strong objection to seeing a change in 2.6 -- there's
just some risk that it could break something that depends on the current
(broken, undocumented) behavior.

Andrew: would you be willing to put a capabilities fix into -mm?

--Andy