From: martin f krafft <madduck@madduck.net>
To: linux-hotplug@vger.kernel.org
Subject: Re: Bug#286040: please allow permissions.d to follow symlinks
Date: Fri, 17 Dec 2004 17:10:10 +0000 [thread overview]
Message-ID: <20041217171010.GA3494@cirrus.madduck.net> (raw)
In-Reply-To: <20041217083115.GA4050@wonderland.linux.it>
[-- Attachment #1: Type: text/plain, Size: 1901 bytes --]
also sprach Greg KH <greg@kroah.com> [2004.12.17.1745 +0100]:
> I think Kay properly stated my argument already. I'll leave it at
> that for now, as he has done a wonderful job so far.
mh. I must work on improving my English comprehension skills then.
> Actually I was considering just dropping the permissions.d file
> entirely, as I think we don't need it anymore. But I have not had
> the time to determine if this is possible or not just yet.
Oh great. Reverse evolution.
> What about the fun interaction with pam that causes device nodes to
> "magically" assume other permissions. Are you objecting to that too?
Yes, vehemently. It has caused way too much trouble.
From the README:
"Please note: the current version depends on too many external
tools and libraries, making it big and hard to evaluate for
security."
http://www.i-eye.net/exploits/pam_console.c.php
It may work for your one-user desktop system. Any other use is
dangerous. There must be a reason why it's not part of libpam.
> I have yet to see a patch that offers such an "improvement" in
> this thread. If you ever create one, I would love to see it
> posted on the list for everyone to evaluate. Until then, this
> argument is over.
I might provide it. However, so far the feedback has been that
I should instead bugger off and get a clue. So instead I think
I will feed it into Debian and see if it's useful. You can always
come and ask for it should I forget to submit it here.
--
martin; (greetings from the heart of the sun.)
\____ echo mailto: !#^."<*>"|tr "<*> mailto:" net@madduck
invalid/expired pgp subkeys? use subkeys.pgp.net as keyserver!
spamtraps: madduck.bogus@madduck.net
"in the stage of grand illusion
you walked into my life
out of my dreams."
-- david bowie
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 189 bytes --]
next prev parent reply other threads:[~2004-12-17 17:10 UTC|newest]
Thread overview: 48+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-12-17 8:31 Bug#286040: please allow permissions.d to follow symlinks Marco d'Itri
2004-12-17 10:11 ` Stefan Schweizer
2004-12-17 10:48 ` martin f krafft
2004-12-17 13:24 ` Kay Sievers
2004-12-17 13:38 ` martin f krafft
2004-12-17 13:40 ` Marco d'Itri
2004-12-17 13:45 ` Kay Sievers
2004-12-17 13:47 ` Kay Sievers
2004-12-17 13:49 ` Marco d'Itri
2004-12-17 13:56 ` Kay Sievers
2004-12-17 13:58 ` martin f krafft
2004-12-17 14:13 ` Kay Sievers
2004-12-17 14:19 ` martin f krafft
2004-12-17 14:20 ` Kay Sievers
2004-12-17 14:35 ` martin f krafft
2004-12-17 14:36 ` Stefan Schweizer
2004-12-17 14:42 ` martin f krafft
2004-12-17 14:45 ` Kay Sievers
2004-12-17 14:52 ` martin f krafft
2004-12-17 15:50 ` Greg KH
2004-12-17 16:14 ` martin f krafft
2004-12-17 16:45 ` Greg KH
2004-12-17 17:10 ` martin f krafft [this message]
2004-12-17 17:45 ` Stefan Schweizer
2004-12-17 18:33 ` Greg KH
2004-12-17 18:40 ` martin f krafft
2004-12-17 23:25 ` Kay Sievers
2004-12-17 23:41 ` martin f krafft
2004-12-18 0:25 ` Lindsay Haisley
2004-12-18 0:53 ` martin f krafft
2004-12-18 1:18 ` martin f krafft
2004-12-18 3:04 ` Greg KH
2004-12-18 4:18 ` Lindsay Haisley
2004-12-18 4:21 ` martin f krafft
2004-12-18 9:48 ` Stefan Schweizer
2004-12-18 12:33 ` Tobias Klauser
2004-12-18 13:04 ` Marco d'Itri
2004-12-19 4:34 ` Randy.Dunlap
2004-12-20 9:39 ` martin f krafft
2004-12-20 17:56 ` Lindsay Haisley
2004-12-20 18:04 ` martin f krafft
2004-12-20 19:05 ` Lindsay Haisley
2004-12-21 8:04 ` martin f krafft
2004-12-21 16:11 ` Lindsay Haisley
2004-12-21 16:31 ` Lindsay Haisley
2004-12-21 16:38 ` martin f krafft
2004-12-21 16:48 ` Tobias Klauser
2004-12-21 16:54 ` Greg KH
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20041217171010.GA3494@cirrus.madduck.net \
--to=madduck@madduck.net \
--cc=linux-hotplug@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).