From: "Andrew G. Morgan" <morgan@kernel.org>
To: "Serge E. Hallyn" <serue@us.ibm.com>
Cc: Andrew Morton <akpm@linux-foundation.org>,
lkml <linux-kernel@vger.kernel.org>,
Linux Security Modules List
<linux-security-module@vger.kernel.org>
Subject: Re: [PATCH] security: protect legacy apps from insufficient privilege
Date: Wed, 21 May 2008 22:18:35 -0700 [thread overview]
Message-ID: <4835022B.2090400@kernel.org> (raw)
In-Reply-To: <20080521203405.GA27901@sergelap.wowway.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Serge E. Hallyn wrote:
| Quoting Andrew G. Morgan (morgan@kernel.org):
| This is a fail-safe additional feature for filesystem capability support.
|
| Cheers
|
| Andrew
~From 916b252d3b631214acea6df6c61e94ce6770fdf7 Mon Sep 17 00:00:00 2001
From: Andrew G. Morgan <morgan@kernel.org>
Date: Thu, 15 May 2008 23:17:13 -0700
Subject: [PATCH] Protect legacy applications from executing with
insufficient privilege.
[..]
| Assuming (as it appears) the only change from last time is that you
| dropped the part changing cap_bprm_apply_creds() contraints for a
| ptraced process, then
Yes. That's the only material change. I also added a comment explaining
the "strange" (since it caused some concern last time around) cap_bset |
cap_inheritable bit...
| Acked-by: Serge Hallyn <serue@us.ibm.com>
| I'll try to give it a good test-run next week.
Thanks
Andrew
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
iD8DBQFINQIr+bHCR3gb8jsRAjUtAJ0dX67kT3AAtR7gUZgCPiXS2t+nzQCgghmv
GSgqeiwwbZXcc6tSh9957Fo=
=dmv/
-----END PGP SIGNATURE-----
next prev parent reply other threads:[~2008-05-22 5:18 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-05-21 15:50 [PATCH] security: protect legacy apps from insufficient privilege Andrew G. Morgan
2008-05-21 20:34 ` Serge E. Hallyn
2008-05-22 5:18 ` Andrew G. Morgan [this message]
2008-05-22 5:41 ` Andrew Morton
2008-05-22 13:19 ` Andrew G. Morgan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4835022B.2090400@kernel.org \
--to=morgan@kernel.org \
--cc=akpm@linux-foundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=serue@us.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).