On 20/04/23 09:06, Cristian Rodríguez wrote: > > > On Thu, Apr 20, 2023 at 7:47 AM Adhemerval Zanella Netto > <adhemerval.zane...@linaro.org <mailto:adhemerval.zane...@linaro.org>> wrote: > > > > > I am not really sure how effective is this hardening, it seems more a > development one to enforce that system daemon are spawned correctly. > > > Exactly, my understanding is that it is a futile exercise ..if one sufficient > privilege at that stage one can do whatever is desired.. why even bother > messing with the standard fds.. I don't have a strong opinion, but I tend to agree that this hardening does not add much specially now that we have a lot of granular ways to limit process execution (such as capabilities, seccomp, etc.).
- Re: [RFC PATCH v2 1/7] misc: Convert dae... Samuel Thibault
- [RFC PATCH v2 2/7] misc: Ignore SIGHUP in daemon ... Sergey Bugaev
- Re: [RFC PATCH v2 2/7] misc: Ignore SIGHUP i... Adhemerval Zanella Netto
- [RFC PATCH v2 4/7] csu: Fix standard fds' mode Sergey Bugaev
- Re: [RFC PATCH v2 4/7] csu: Fix standard fds... Cristian Rodríguez
- Re: [RFC PATCH v2 4/7] csu: Fix standard... Sergey Bugaev
- Re: [RFC PATCH v2 4/7] csu: Fix stan... Adhemerval Zanella Netto
- Re: [RFC PATCH v2 4/7] csu: Fix ... Sergey Bugaev
- Re: [RFC PATCH v2 4/7] csu:... Adhemerval Zanella Netto
- Re: [RFC PATCH v2 4/7] ... Cristian Rodríguez
- Re: [RFC PATCH v2 4/7] ... Adhemerval Zanella Netto
- Re: [RFC PATCH v2 4/7] ... Paul Eggert
- [RFC PATCH v2 3/7] Use O_CLOEXEC in more places (... Sergey Bugaev
- Re: [RFC PATCH v2 3/7] Use O_CLOEXEC in more... Adhemerval Zanella Netto
- Re: [RFC PATCH v2 3/7] Use O_CLOEXEC in ... Samuel Thibault
- [RFC PATCH v2 6/7] include/fcntl.h: Define O_IGNO... Sergey Bugaev