On Wed, Nov 5, 2014 at 9:21 AM, David Drysdale wrote:
> On Tue, Nov 4, 2014 at 9:40 AM, David Drysdale wrote:
>> On Mon, Nov 3, 2014 at 5:22 PM, Eric W.Biederman
>> wrote:
>>> On November 3, 2014 7:42:58 AM PST, Andy Lutomirski
>>> wrote:
On Mon, Nov 3, 2014 at 7:20 AM, Al Viro
On Tue, Nov 4, 2014 at 9:40 AM, David Drysdale wrote:
> On Mon, Nov 3, 2014 at 5:22 PM, Eric W.Biederman
> wrote:
>> On November 3, 2014 7:42:58 AM PST, Andy Lutomirski
>> wrote:
>>>On Mon, Nov 3, 2014 at 7:20 AM, Al Viro
>>>wrote:
On Mon, Nov 03, 2014 at 11:48:23AM +, David
On Tue, Nov 4, 2014 at 9:40 AM, David Drysdale drysd...@google.com wrote:
On Mon, Nov 3, 2014 at 5:22 PM, Eric W.Biederman ebied...@xmission.com
wrote:
On November 3, 2014 7:42:58 AM PST, Andy Lutomirski l...@amacapital.net
wrote:
On Mon, Nov 3, 2014 at 7:20 AM, Al Viro
On Wed, Nov 5, 2014 at 9:21 AM, David Drysdale drysd...@google.com wrote:
On Tue, Nov 4, 2014 at 9:40 AM, David Drysdale drysd...@google.com wrote:
On Mon, Nov 3, 2014 at 5:22 PM, Eric W.Biederman ebied...@xmission.com
wrote:
On November 3, 2014 7:42:58 AM PST, Andy Lutomirski
On Mon, Nov 3, 2014 at 5:22 PM, Eric W.Biederman wrote:
> On November 3, 2014 7:42:58 AM PST, Andy Lutomirski
> wrote:
>>On Mon, Nov 3, 2014 at 7:20 AM, Al Viro
>>wrote:
>>> On Mon, Nov 03, 2014 at 11:48:23AM +, David Drysdale wrote:
Add a new O_BENEATH flag for openat(2) which
On Mon, Nov 3, 2014 at 5:22 PM, Eric W.Biederman ebied...@xmission.com wrote:
On November 3, 2014 7:42:58 AM PST, Andy Lutomirski l...@amacapital.net
wrote:
On Mon, Nov 3, 2014 at 7:20 AM, Al Viro v...@zeniv.linux.org.uk
wrote:
On Mon, Nov 03, 2014 at 11:48:23AM +, David Drysdale wrote:
On Mon, Nov 3, 2014 at 10:25 AM, Julien Tinnes wrote:
> On Mon, Nov 3, 2014 at 9:37 AM, David Drysdale wrote:
>>
>> On Mon, Nov 3, 2014 at 3:42 PM, Andy Lutomirski
>> wrote:
>> > On Mon, Nov 3, 2014 at 7:20 AM, Al Viro wrote:
>> >> On Mon, Nov 03, 2014 at 11:48:23AM +, David Drysdale
On Mon, Nov 3, 2014 at 9:37 AM, David Drysdale wrote:
> On Mon, Nov 3, 2014 at 3:42 PM, Andy Lutomirski wrote:
>> This is extremely useful in conjunction with seccomp.
>
> Yes, that was my understanding of how the Chrome[OS] folk wanted
> to use it.
Yes, exactly. Without this, if we want to
On Mon, Nov 3, 2014 at 3:42 PM, Andy Lutomirski wrote:
> On Mon, Nov 3, 2014 at 7:20 AM, Al Viro wrote:
>> On Mon, Nov 03, 2014 at 11:48:23AM +, David Drysdale wrote:
>>> Add a new O_BENEATH flag for openat(2) which restricts the
>>> provided path, rejecting (with -EACCES) paths that are not
On November 3, 2014 7:42:58 AM PST, Andy Lutomirski wrote:
>On Mon, Nov 3, 2014 at 7:20 AM, Al Viro
>wrote:
>> On Mon, Nov 03, 2014 at 11:48:23AM +, David Drysdale wrote:
>>> Add a new O_BENEATH flag for openat(2) which restricts the
>>> provided path, rejecting (with -EACCES) paths that
On Mon, Nov 3, 2014 at 7:20 AM, Al Viro wrote:
> On Mon, Nov 03, 2014 at 11:48:23AM +, David Drysdale wrote:
>> Add a new O_BENEATH flag for openat(2) which restricts the
>> provided path, rejecting (with -EACCES) paths that are not beneath
>> the provided dfd. In particular, reject:
>> -
On Mon, Nov 03, 2014 at 11:48:23AM +, David Drysdale wrote:
> Add a new O_BENEATH flag for openat(2) which restricts the
> provided path, rejecting (with -EACCES) paths that are not beneath
> the provided dfd. In particular, reject:
> - paths that contain .. components
> - paths that begin
Add a new O_BENEATH flag for openat(2) which restricts the
provided path, rejecting (with -EACCES) paths that are not beneath
the provided dfd. In particular, reject:
- paths that contain .. components
- paths that begin with /
- symlinks that have paths as above.
Signed-off-by: David
Add a new O_BENEATH flag for openat(2) which restricts the
provided path, rejecting (with -EACCES) paths that are not beneath
the provided dfd. In particular, reject:
- paths that contain .. components
- paths that begin with /
- symlinks that have paths as above.
Signed-off-by: David
On Mon, Nov 03, 2014 at 11:48:23AM +, David Drysdale wrote:
Add a new O_BENEATH flag for openat(2) which restricts the
provided path, rejecting (with -EACCES) paths that are not beneath
the provided dfd. In particular, reject:
- paths that contain .. components
- paths that begin with
On Mon, Nov 3, 2014 at 7:20 AM, Al Viro v...@zeniv.linux.org.uk wrote:
On Mon, Nov 03, 2014 at 11:48:23AM +, David Drysdale wrote:
Add a new O_BENEATH flag for openat(2) which restricts the
provided path, rejecting (with -EACCES) paths that are not beneath
the provided dfd. In particular,
On November 3, 2014 7:42:58 AM PST, Andy Lutomirski l...@amacapital.net wrote:
On Mon, Nov 3, 2014 at 7:20 AM, Al Viro v...@zeniv.linux.org.uk
wrote:
On Mon, Nov 03, 2014 at 11:48:23AM +, David Drysdale wrote:
Add a new O_BENEATH flag for openat(2) which restricts the
provided path,
On Mon, Nov 3, 2014 at 3:42 PM, Andy Lutomirski l...@amacapital.net wrote:
On Mon, Nov 3, 2014 at 7:20 AM, Al Viro v...@zeniv.linux.org.uk wrote:
On Mon, Nov 03, 2014 at 11:48:23AM +, David Drysdale wrote:
Add a new O_BENEATH flag for openat(2) which restricts the
provided path, rejecting
On Mon, Nov 3, 2014 at 9:37 AM, David Drysdale drysd...@google.com wrote:
On Mon, Nov 3, 2014 at 3:42 PM, Andy Lutomirski l...@amacapital.net wrote:
This is extremely useful in conjunction with seccomp.
Yes, that was my understanding of how the Chrome[OS] folk wanted
to use it.
Yes, exactly.
On Mon, Nov 3, 2014 at 10:25 AM, Julien Tinnes j...@chromium.org wrote:
On Mon, Nov 3, 2014 at 9:37 AM, David Drysdale drysd...@google.com wrote:
On Mon, Nov 3, 2014 at 3:42 PM, Andy Lutomirski l...@amacapital.net
wrote:
On Mon, Nov 3, 2014 at 7:20 AM, Al Viro v...@zeniv.linux.org.uk wrote:
20 matches
Mail list logo
