Re: [PATCH] exec: Weaken dumpability for secureexec

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: Tom Horsley <horsley1953@gmail.com>
To: "Serge E. Hallyn" <serge@hallyn.com>
Cc: Kees Cook <keescook@chromium.org>,
	Linus Torvalds <torvalds@linux-foundation.org>,
	Laura Abbott <labbott@redhat.com>,
	David Howells <dhowells@redhat.com>,
	James Morris <james.l.morris@oracle.com>,
	linux-kernel@vger.kernel.org
Subject: Re: [PATCH] exec: Weaken dumpability for secureexec
Date: Wed, 3 Jan 2018 07:11:58 -0500	[thread overview]
Message-ID: <20180103071158.204eeb41@tomh> (raw)
In-Reply-To: <20180103070444.GA6331@mail.hallyn.com>

On Wed, 3 Jan 2018 01:04:44 -0600
Serge E. Hallyn wrote:

> > This weakens dumpability back to checking only for uid/gid changes in
> > current (which is useless), but userspace depends on dumpability not
> > being tied to secureexec.
> > 
> > https://bugzilla.redhat.com/show_bug.cgi?id=1528633
> > 
> > Reported-by: Tom Horsley <horsley1953@gmail.com>  
> 
> Seems right, any chance we could get a tested-by: Tom?  (Did we already
> get that?)

I didn't test it myself, but all I'd do is run the test program
I've attached to the bugzilla above which is trivial compared
to be learning how to patch and build kernels. So it would be
much simpler for someone with the kernel already built to
extract the tarball and type make :-).

next prev parent reply	other threads:[~2018-01-03 12:12 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-01-02 23:21 [PATCH] exec: Weaken dumpability for secureexec Kees Cook
2018-01-03  7:04 ` Serge E. Hallyn
2018-01-03 12:11   ` Tom Horsley [this message]
2018-01-03 17:21     ` Kees Cook
2018-01-03 17:34       ` Laura Abbott
2018-01-03  7:06 ` Serge E. Hallyn
2018-01-03 17:21   ` Kees Cook
2018-01-03 17:41     ` Serge E. Hallyn
2018-01-03 19:08     ` Tom Horsley

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20180103071158.204eeb41@tomh \
    --to=horsley1953@gmail.com \
    --cc=dhowells@redhat.com \
    --cc=james.l.morris@oracle.com \
    --cc=keescook@chromium.org \
    --cc=labbott@redhat.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=serge@hallyn.com \
    --cc=torvalds@linux-foundation.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox