From: Olaf Dietsche <olaf+list.linux-kernel@olafdietsche.de>
To: "Serge E. Hallyn" <serge@hallyn.com>
Cc: Olaf Dietsche <olaf+list.linux-kernel@olafdietsche.de>,
linux-kernel@vger.kernel.org,
linux-security-module@vger.kernel.org,
Andrew Morgan <morgan@kernel.org>,
Stephen Smalley <sds@epoch.ncsc.mil>,
Chris Wright <chrisw@osdl.org>
Subject: Re: [PATCH] 2.6.23: Filesystem capabilities 0.17
Date: Thu, 01 Nov 2007 20:54:09 +0100
Message-ID: <87mytx91y6.fsf@olafdietsche.de>
In-Reply-To: 20071031173606.GA27982@vino.hallyn.com

"Serge E. Hallyn" <serge@hallyn.com> writes:

> Quoting Olaf Dietsche (olaf+list.linux-kernel@olafdietsche.de):
>> This patch implements filesystem capabilities. It allows to
>> run privileged executables without the need for suid root.
>>
>> Changes:
>> - updated to 2.6.23
>> - fix const correctness
>> - fix secureexec

[...]

> given that file capabilities are now in 2.6.23, could you explain the
> benefits of this version? Should we consider switching it out for
> yours?

It's just another version, works without xattr and, most important:
it's mine :-)

> If we stick with the current upstream file capabilities patch, should we
> port your SECURE_HACK to it? I actually thought that fixing
> bprm_secure_exec() sufficed?

Fixing bprm_secure_exec() is sufficient. SECURE_HACK is just a
leftover, when there was no AT_SECURE and accordingly libc (< 2.3.6)
ignored bprm_secure_exec().

Regards, Olaf.
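
An added illustration, not part of the message above or of either patch: why a file-capability exec needs AT_SECURE to reach libc. The auxiliary vectors are constructed, the function names are hypothetical, and the UID/GID comparison is an assumption about how a libc decides on secure mode when the vector carries no AT_SECURE entry.

```c
#include <elf.h>      /* AT_NULL, AT_UID, AT_EUID, AT_GID, AT_EGID, AT_SECURE */
#include <stdio.h>

/* One auxiliary-vector entry as the kernel places it on the new stack. */
struct auxv_entry { unsigned long type, val; };

/* Return the value of entry `type`, or `dflt` when the vector lacks it. */
static unsigned long auxv_get(const struct auxv_entry *av, unsigned long type,
                              unsigned long dflt)
{
    for (; av->type != AT_NULL; av++)
        if (av->type == type)
            return av->val;
    return dflt;
}

/* Assumed pre-AT_SECURE heuristic: secure mode only when the IDs differ. */
static int secure_by_ids(const struct auxv_entry *av)
{
    return auxv_get(av, AT_UID, 0) != auxv_get(av, AT_EUID, 0) ||
           auxv_get(av, AT_GID, 0) != auxv_get(av, AT_EGID, 0);
}

/* AT_SECURE-aware decision: trust the kernel's flag, fall back to the IDs. */
static int secure_by_at_secure(const struct auxv_entry *av)
{
    unsigned long flag = auxv_get(av, AT_SECURE, (unsigned long)-1);
    return flag == (unsigned long)-1 ? secure_by_ids(av) : flag != 0;
}

/* Constructed vector: uid 1000 runs a binary that gained file capabilities.
 * No ID changes, but the kernel's secureexec hook reported "secure". */
static const struct auxv_entry filecap_exec[] = {
    { AT_UID, 1000 }, { AT_EUID, 1000 }, { AT_GID, 1000 }, { AT_EGID, 1000 },
    { AT_SECURE, 1 }, { AT_NULL, 0 },
};

/* Constructed vector: the same exec as seen when no AT_SECURE is emitted. */
static const struct auxv_entry filecap_exec_old[] = {
    { AT_UID, 1000 }, { AT_EUID, 1000 }, { AT_GID, 1000 }, { AT_EGID, 1000 },
    { AT_NULL, 0 },
};

int main(void)
{
    printf("ids only:          %d\n", secure_by_ids(filecap_exec));
    printf("AT_SECURE present: %d\n", secure_by_at_secure(filecap_exec));
    printf("AT_SECURE missing: %d\n", secure_by_at_secure(filecap_exec_old));
    return 0;
}
```

With unchanged IDs, only the AT_SECURE path puts the capability-raised process into secure mode; the ID comparison alone leaves it in normal mode, where loader environment variables would still be honoured.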