From: Anthony Liguori <aliguori@us.ibm.com>
To: Corey Bryant <coreyb@linux.vnet.ibm.com>
Cc: Blue Swirl <blauwirbel@gmail.com>,
rmarwah@linux.vnet.ibm.com, qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [PATCH v2 3/4] Add cap reduction support to enable use as SUID
Date: Mon, 24 Oct 2011 14:21:05 -0500 [thread overview]
Message-ID: <4EA5BAA1.9010507@us.ibm.com> (raw)
In-Reply-To: <4EA5B8E5.6040306@linux.vnet.ibm.com>
On 10/24/2011 02:13 PM, Corey Bryant wrote:
>> Right, it's not desirable, but isn't that the best we can do without
>> libcap or FS capabilities?
>>
>
> I think the best we can do is not let it run in those cases. :) I'd like see if
> others in the community have an opinion on this though.
IMHO, it should work as an setuid binary maintaining root privileges. As long
as it's a small binary (which it is) and is easy to audit, it should be safe.
Regards,
Anthony Liguori
next prev parent reply other threads:[~2011-10-24 19:22 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-10-21 15:07 [Qemu-devel] [PATCH v2 0/4] -net bridge: rootless bridge support for qemu Corey Bryant
2011-10-21 15:07 ` [Qemu-devel] [PATCH v2 1/4] Add basic version of bridge helper Corey Bryant
2011-10-23 12:56 ` Blue Swirl
2011-10-24 13:12 ` Corey Bryant
2011-10-21 15:07 ` [Qemu-devel] [PATCH v2 2/4] Add access control support to qemu " Corey Bryant
2011-10-23 13:10 ` Blue Swirl
2011-10-24 13:44 ` Corey Bryant
2011-10-24 16:58 ` Blue Swirl
2011-10-21 15:07 ` [Qemu-devel] [PATCH v2 3/4] Add cap reduction support to enable use as SUID Corey Bryant
2011-10-23 13:22 ` Blue Swirl
2011-10-24 14:13 ` Corey Bryant
2011-10-24 17:10 ` Blue Swirl
2011-10-24 18:38 ` Corey Bryant
2011-10-24 18:58 ` Blue Swirl
2011-10-24 19:13 ` Corey Bryant
2011-10-24 19:21 ` Anthony Liguori [this message]
2011-10-24 20:20 ` Corey Bryant
2011-10-24 22:15 ` Anthony Liguori
2011-10-24 19:19 ` Anthony Liguori
2011-10-21 15:07 ` [Qemu-devel] [PATCH v2 4/4] Add support for net bridge Corey Bryant
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4EA5BAA1.9010507@us.ibm.com \
--to=aliguori@us.ibm.com \
--cc=blauwirbel@gmail.com \
--cc=coreyb@linux.vnet.ibm.com \
--cc=qemu-devel@nongnu.org \
--cc=rmarwah@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.