On Wed, 3 Jan 2018 09:21:16 -0800
Kees Cook wrote:
> The more interesting thing here is that secureexec is set for a
> process that ISN'T actually setuid. (ptrace of a setuid process). I
> think tha'ts the real bug, but not something I'm going to be able to
> fix quickly. So, for now, I want to
On Wed, 3 Jan 2018 09:21:16 -0800
Kees Cook wrote:
> The more interesting thing here is that secureexec is set for a
> process that ISN'T actually setuid. (ptrace of a setuid process). I
> think tha'ts the real bug, but not something I'm going to be able to
> fix quickly. So, for now, I want to
Quoting Kees Cook (keesc...@chromium.org):
> On Tue, Jan 2, 2018 at 11:06 PM, Serge E. Hallyn wrote:
> > On Tue, Jan 02, 2018 at 03:21:33PM -0800, Kees Cook wrote:
> >> This is a logical revert of:
> >>
> >> commit e37fdb785a5f ("exec: Use secureexec for setting
Quoting Kees Cook (keesc...@chromium.org):
> On Tue, Jan 2, 2018 at 11:06 PM, Serge E. Hallyn wrote:
> > On Tue, Jan 02, 2018 at 03:21:33PM -0800, Kees Cook wrote:
> >> This is a logical revert of:
> >>
> >> commit e37fdb785a5f ("exec: Use secureexec for setting dumpability")
> >>
> >> This
On 01/03/2018 09:21 AM, Kees Cook wrote:
On Wed, Jan 3, 2018 at 4:11 AM, Tom Horsley wrote:
On Wed, 3 Jan 2018 01:04:44 -0600
Serge E. Hallyn wrote:
This weakens dumpability back to checking only for uid/gid changes in
current (which is useless), but userspace depends
On 01/03/2018 09:21 AM, Kees Cook wrote:
On Wed, Jan 3, 2018 at 4:11 AM, Tom Horsley wrote:
On Wed, 3 Jan 2018 01:04:44 -0600
Serge E. Hallyn wrote:
This weakens dumpability back to checking only for uid/gid changes in
current (which is useless), but userspace depends on dumpability not
On Tue, Jan 2, 2018 at 11:06 PM, Serge E. Hallyn wrote:
> On Tue, Jan 02, 2018 at 03:21:33PM -0800, Kees Cook wrote:
>> This is a logical revert of:
>>
>> commit e37fdb785a5f ("exec: Use secureexec for setting dumpability")
>>
>> This weakens dumpability back to checking
On Wed, Jan 3, 2018 at 4:11 AM, Tom Horsley wrote:
> On Wed, 3 Jan 2018 01:04:44 -0600
> Serge E. Hallyn wrote:
>
>> > This weakens dumpability back to checking only for uid/gid changes in
>> > current (which is useless), but userspace depends on dumpability not
>> > being
On Tue, Jan 2, 2018 at 11:06 PM, Serge E. Hallyn wrote:
> On Tue, Jan 02, 2018 at 03:21:33PM -0800, Kees Cook wrote:
>> This is a logical revert of:
>>
>> commit e37fdb785a5f ("exec: Use secureexec for setting dumpability")
>>
>> This weakens dumpability back to checking only for uid/gid
On Wed, Jan 3, 2018 at 4:11 AM, Tom Horsley wrote:
> On Wed, 3 Jan 2018 01:04:44 -0600
> Serge E. Hallyn wrote:
>
>> > This weakens dumpability back to checking only for uid/gid changes in
>> > current (which is useless), but userspace depends on dumpability not
>> > being tied to secureexec.
>>
On Wed, 3 Jan 2018 01:04:44 -0600
Serge E. Hallyn wrote:
> > This weakens dumpability back to checking only for uid/gid changes in
> > current (which is useless), but userspace depends on dumpability not
> > being tied to secureexec.
> >
> > https://bugzilla.redhat.com/show_bug.cgi?id=1528633
>
On Wed, 3 Jan 2018 01:04:44 -0600
Serge E. Hallyn wrote:
> > This weakens dumpability back to checking only for uid/gid changes in
> > current (which is useless), but userspace depends on dumpability not
> > being tied to secureexec.
> >
> > https://bugzilla.redhat.com/show_bug.cgi?id=1528633
>
On Tue, Jan 02, 2018 at 03:21:33PM -0800, Kees Cook wrote:
> This is a logical revert of:
>
> commit e37fdb785a5f ("exec: Use secureexec for setting dumpability")
>
> This weakens dumpability back to checking only for uid/gid changes in
> current (which is useless), but userspace depends on
On Tue, Jan 02, 2018 at 03:21:33PM -0800, Kees Cook wrote:
> This is a logical revert of:
>
> commit e37fdb785a5f ("exec: Use secureexec for setting dumpability")
>
> This weakens dumpability back to checking only for uid/gid changes in
> current (which is useless), but userspace depends on
On Tue, Jan 02, 2018 at 03:21:33PM -0800, Kees Cook wrote:
> This is a logical revert of:
>
> commit e37fdb785a5f ("exec: Use secureexec for setting dumpability")
>
> This weakens dumpability back to checking only for uid/gid changes in
> current (which is useless), but userspace depends on
On Tue, Jan 02, 2018 at 03:21:33PM -0800, Kees Cook wrote:
> This is a logical revert of:
>
> commit e37fdb785a5f ("exec: Use secureexec for setting dumpability")
>
> This weakens dumpability back to checking only for uid/gid changes in
> current (which is useless), but userspace depends on
This is a logical revert of:
commit e37fdb785a5f ("exec: Use secureexec for setting dumpability")
This weakens dumpability back to checking only for uid/gid changes in
current (which is useless), but userspace depends on dumpability not
being tied to secureexec.
This is a logical revert of:
commit e37fdb785a5f ("exec: Use secureexec for setting dumpability")
This weakens dumpability back to checking only for uid/gid changes in
current (which is useless), but userspace depends on dumpability not
being tied to secureexec.
18 matches
Mail list logo