"Serge E. Hallyn" writes:
> Quoting Eric W. Biederman (ebied...@xmission.com):
>> ebied...@xmission.com (Eric W. Biederman) writes:
>>
>> > "Serge E. Hallyn" writes:
>> >
>> >> Quoting Eric W. Biederman (ebied...@xmission.com):
>> >>>
>> >>> "Serge E. Hallyn" writes:
>> >>>
>> >>> > diff --g
Quoting Eric W. Biederman (ebied...@xmission.com):
> ebied...@xmission.com (Eric W. Biederman) writes:
>
> > "Serge E. Hallyn" writes:
> >
> >> Quoting Eric W. Biederman (ebied...@xmission.com):
> >>>
> >>> "Serge E. Hallyn" writes:
> >>>
> >>> > diff --git a/fs/xattr.c b/fs/xattr.c
> >>> > in
ebied...@xmission.com (Eric W. Biederman) writes:
> "Serge E. Hallyn" writes:
>
>> Quoting Eric W. Biederman (ebied...@xmission.com):
>>>
>>> "Serge E. Hallyn" writes:
>>>
>>> > diff --git a/fs/xattr.c b/fs/xattr.c
>>> > index 7e3317c..75cc65a 100644
>>> > --- a/fs/xattr.c
>>> > +++ b/fs/xattr
"Serge E. Hallyn" writes:
> Quoting Eric W. Biederman (ebied...@xmission.com):
>>
>> "Serge E. Hallyn" writes:
>>
>> Overall this looks quite reasonable.
>>
>> My only big concern was the lack of verifying of magic_etc. As without
>
> Yes, I was relying too much on the size check.
>
>> that
Quoting Eric W. Biederman (ebied...@xmission.com):
>
> "Serge E. Hallyn" writes:
>
> Overall this looks quite reasonable.
>
> My only big concern was the lack of verifying of magic_etc. As without
Yes, I was relying too much on the size check.
> that the code might not be future compatible w
"Serge E. Hallyn" writes:
> Root in a non-initial user ns cannot be trusted to write a traditional
> security.capability xattr. If it were allowed to do so, then any
> unprivileged user on the host could map his own uid to root in a private
> namespace, write the xattr, and execute the file wit
"Serge E. Hallyn" writes:
> Quoting Eric W. Biederman (ebied...@xmission.com):
>>
>> Serge,
>>
>> Is there any chance of a Signed-off-by on this patch? Otherwise I don't
>> think we can merge it.
>
> For Pete's sake! I'm sorry, I seem to remember with just about every
> other project other th
Quoting Eric W. Biederman (ebied...@xmission.com):
>
> Serge,
>
> Is there any chance of a Signed-off-by on this patch? Otherwise I don't
> think we can merge it.
For Pete's sake! I'm sorry, I seem to remember with just about every
other project other than this. particular. patch.
Does this
Serge,
Is there any chance of a Signed-off-by on this patch? Otherwise I don't
think we can merge it.
Eric
"Serge E. Hallyn" writes:
> Root in a non-initial user ns cannot be trusted to write a traditional
> security.capability xattr. If it were allowed to do so, then any
> unprivileged use
Root in a non-initial user ns cannot be trusted to write a traditional
security.capability xattr. If it were allowed to do so, then any
unprivileged user on the host could map his own uid to root in a private
namespace, write the xattr, and execute the file with privilege on the
host.
However sup
10 matches