Re: [kernel-hardening] [PATCH] lib: harden strncpy_from_user

2016-10-17 Thread Loganaden Velvindron
On Mon, Oct 17, 2016 at 5:04 PM, Mark Rutland wrote: > On Fri, Aug 26, 2016 at 02:57:58PM -0400, Kees Cook wrote: >> On Fri, Aug 26, 2016 at 10:31 AM, Mark Rutland wrote: >> > The strncpy_from_user() accessor is effectively a copy_from_user() >> >

Re: [kernel-hardening] [PATCH] lib: harden strncpy_from_user

2016-10-17 Thread Loganaden Velvindron
On Mon, Oct 17, 2016 at 5:04 PM, Mark Rutland wrote: > On Fri, Aug 26, 2016 at 02:57:58PM -0400, Kees Cook wrote: >> On Fri, Aug 26, 2016 at 10:31 AM, Mark Rutland wrote: >> > The strncpy_from_user() accessor is effectively a copy_from_user() >> > specialised to copy strings, terminating early

Re: [RFC PATCH 00/11] Adding FreeBSD's Capsicum security framework (part 1)

2014-07-03 Thread Loganaden Velvindron
On Thu, Jul 3, 2014 at 1:12 PM, Paolo Bonzini wrote: > Il 30/06/2014 12:28, David Drysdale ha scritto: >> >> Hi all, >> >> The last couple of versions of FreeBSD (9.x/10.x) have included the >> Capsicum security framework [1], which allows security-aware >> applications to sandbox themselves in a

Re: [RFC PATCH 00/11] Adding FreeBSD's Capsicum security framework (part 1)

2014-07-03 Thread Loganaden Velvindron
On Thu, Jul 3, 2014 at 1:12 PM, Paolo Bonzini pbonz...@redhat.com wrote: Il 30/06/2014 12:28, David Drysdale ha scritto: Hi all, The last couple of versions of FreeBSD (9.x/10.x) have included the Capsicum security framework [1], which allows security-aware applications to sandbox

Re: [PATCH 01/11] fs: add O_BENEATH_ONLY flag to openat(2)

2014-07-01 Thread Loganaden Velvindron
On Tue, Jul 1, 2014 at 1:53 PM, David Drysdale wrote: > On Mon, Jun 30, 2014 at 01:40:40PM -0700, Andi Kleen wrote: >> David Drysdale writes: >> >> > Add a new O_BENEATH_ONLY flag for openat(2) which restricts the >> > provided path, rejecting (with -EACCES) paths that are not beneath >> > the

Re: [PATCH 01/11] fs: add O_BENEATH_ONLY flag to openat(2)

2014-07-01 Thread Loganaden Velvindron
On Tue, Jul 1, 2014 at 1:53 PM, David Drysdale drysd...@google.com wrote: On Mon, Jun 30, 2014 at 01:40:40PM -0700, Andi Kleen wrote: David Drysdale drysd...@google.com writes: Add a new O_BENEATH_ONLY flag for openat(2) which restricts the provided path, rejecting (with -EACCES) paths that