From: Olaf Dietsche <olaf+list.linux-kernel@olafdietsche.de>
To: "Serge E. Hallyn" <serge@hallyn.com>
Cc: Olaf Dietsche <olaf+list.linux-kernel@olafdietsche.de>,
linux-kernel@vger.kernel.org,
linux-security-module@vger.kernel.org,
Andrew Morgan <morgan@kernel.org>,
Stephen Smalley <sds@epoch.ncsc.mil>,
Chris Wright <chrisw@osdl.org>
Subject: Re: [PATCH] 2.6.23: Filesystem capabilities 0.17
Date: Thu, 01 Nov 2007 20:54:09 +0100 [thread overview]
Message-ID: <87mytx91y6.fsf@olafdietsche.de> (raw)
In-Reply-To: 20071031173606.GA27982@vino.hallyn.com
"Serge E. Hallyn" <serge@hallyn.com> writes:
> Quoting Olaf Dietsche (olaf+list.linux-kernel@olafdietsche.de):
>> This patch implements filesystem capabilities. It allows to
>> run privileged executables without the need for suid root.
>>
>> Changes:
>> - updated to 2.6.23
>> - fix const correctness
>> - fix secureexec
[...]
> given that file capabilities are now in 2.6.23, could you explain the
> benefits of this version? Should we consider switching it out for
> yours?
It's just another version, works without xattr and, most important:
it's mine :-)
> If we stick with the current upstream file capabilities patch, should we
> port your SECURE_HACK to it? I actually thought that fixing
> bprm_secure_exec() sufficed?
Fixing bprm_secure_exec() is sufficient. SECURE_HACK is just a
leftover, when there was no AT_SECURE and accordingly libc (< 2.3.6)
ignored bprm_secure_exec().
Regards, Olaf.
prev parent reply other threads:[~2007-11-01 19:55 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-10-26 16:08 [PATCH] 2.6.23: Filesystem capabilities 0.17 Olaf Dietsche
2007-10-31 17:08 ` Jan Kara
2007-11-01 19:49 ` Olaf Dietsche
2007-11-01 21:54 ` Jan Kara
2007-11-01 22:22 ` Olaf Dietsche
2007-11-02 4:21 ` Casey Schaufler
2007-11-02 9:07 ` Olaf Dietsche
2007-11-05 11:09 ` Jan Kara
2007-11-07 14:42 ` Olaf Dietsche
2007-10-31 17:36 ` Serge E. Hallyn
2007-11-01 19:54 ` Olaf Dietsche [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87mytx91y6.fsf@olafdietsche.de \
--to=olaf+list.linux-kernel@olafdietsche.de \
--cc=chrisw@osdl.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=morgan@kernel.org \
--cc=sds@epoch.ncsc.mil \
--cc=serge@hallyn.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.