From mboxrd@z Thu Jan 1 00:00:00 1970 From: ebiederm@xmission.com (Eric W. Biederman) Subject: Re: RFC: disablenetwork facility. (v4) Date: Tue, 29 Dec 2009 12:56:44 -0800 Message-ID: References: <20091229050114.GC14362@heat> <20091229151146.GA32153@us.ibm.com> <3e8340490912290805s103fb789y13acea4a84669b20@mail.gmail.com> <20091229163939.GA6984@us.ibm.com> <3e8340490912290901y60d7daf2w5778c25f44972955@mail.gmail.com> <3e8340490912291108t7e000e75p8264fa585f831464@mail.gmail.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Cc: "Serge E. Hallyn" , Michael Stone , linux-kernel@vger.kernel.org, netdev@vger.kernel.org, linux-security-module@vger.kernel.org, Andi Kleen , David Lang , Oliver Hartkopp , Alan Cox , Herbert Xu , Valdis Kletnieks , Evgeniy Polyakov , "C. Scott Ananian" , James Morris , Bernie Innocenti , Mark Seaborn , Randy Dunlap , =?iso-8859-1?Q?Am=E9rico?= Wang , Tetsuo Handa , Samir Bellabes , Casey Schaufler , Pavel Machek , Al Viro To: Bryan Donlan Return-path: In-Reply-To: <3e8340490912291108t7e000e75p8264fa585f831464@mail.gmail.com> (Bryan Donlan's message of "Tue\, 29 Dec 2009 14\:08\:30 -0500") Sender: linux-security-module-owner@vger.kernel.org List-Id: netdev.vger.kernel.org Bryan Donlan writes: > It's probably reasonable to require that real == effective == saved == > fs UID (and same for GID); anything else brings up sticky issues of > "which UID is a higher capability?" > If a process does this call, it's effectively saying that the only way > it's going to be accessing resources beyond its current UID and > capabilities is by talking to another process over a (unix domain) > socket. Makes sense. Especially for the initial implementation, and it keeps the code size small. Eric