On Fri, Oct 4, 2013 at 9:02 AM, David Quigley wrote:
> Why is this an LSM and not something further up in the VFS? Why not make a
> sysctl for this and place it further up in the VFS? Has it already been
> rejected from there? If so why not include it in the things covered by Yama?
> From a code p
Why is this an LSM and not something further up in the VFS? Why not make
a sysctl for this and place it further up in the VFS? Has it already
been rejected from there? If so why not include it in the things covered
by Yama? From a code perspective I can't find anything wrong code wise
but it se
Pinging on this too. Any feedback?
-Kees
On Sat, Sep 21, 2013 at 03:59:59PM -0700, Kees Cook wrote:
> On systems where certain filesystem contents cannot be entirely trusted,
> it is beneficial to block mounts on symlinks. This makes sure that
> malicious filesystem contents cannot trigger the ov
3 matches
Mail list logo
