public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed
From: Andrew Morton <akpm@linux-foundation.org>
To: "Andrew G. Morgan" <morgan@kernel.org>
Cc: Linux Security Modules List 
	<linux-security-module@vger.kernel.org>,
	linux-kernel@vger.kernel.org,
	"Serge E. Hallyn" <serue@us.ibm.com>
Subject: Re: [PATCH] per-process securebits
Date: Sat, 2 Feb 2008 22:18:12 -0800	[thread overview]
Message-ID: <20080202221812.2f9d70a8.akpm@linux-foundation.org> (raw)
In-Reply-To: <47A558CF.60702@kernel.org>

On Sat, 02 Feb 2008 22:01:51 -0800 "Andrew G. Morgan" <morgan@kernel.org> wrote:

> Here is the very very long version (which took some time to write, and I
> thought was a bit much to spam these lists with):
> 
> http://userweb.kernel.org/~morgan/sendmail-capabilities-war-story.html

Thanks.  Imagine not testing the retrn value from something like setuid().
Oh well.  The reasoning for disabling it was good.

So how do we ever get to the stage where we can recommend that distributors
turn these things on, and have them agree with us?

Do we have sufficiently stern things in place to prevent them from turning
it on by accident?  Some of them are pretty gung-ho.

  reply	other threads:[~2008-02-03  6:18 UTC|newest]

Thread overview: 16+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-02-01  8:11 [PATCH] per-process securebits Andrew G. Morgan
2008-02-01  8:28 ` Andrew Morton
2008-02-01  9:07   ` James Morris
2008-02-04 18:17     ` Pavel Machek
2008-02-04 22:00       ` Andrew Morton
2008-02-03  6:01   ` Andrew G. Morgan
2008-02-03  6:18     ` Andrew Morton [this message]
2008-02-03  6:25       ` Ismail Dönmez
2008-02-04  0:49         ` Andrew G. Morgan
2008-02-04  0:54           ` Ismail Dönmez
2008-02-04  1:10             ` Andrew G. Morgan
2008-02-04 16:45               ` Serge E. Hallyn
2008-02-05  1:15                 ` Ismail Dönmez
2008-02-01 20:15 ` serge
2008-02-03  6:11   ` Andrew G. Morgan
2008-02-05 18:46 ` Serge E. Hallyn

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20080202221812.2f9d70a8.akpm@linux-foundation.org \
    --to=akpm@linux-foundation.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=morgan@kernel.org \
    --cc=serue@us.ibm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox