On Fri, May 1, 2015 at 9:48 PM, Andy Lutomirski wrote:
> Havoc, am I missing something here? If I'm right about this aspect of
> D-Bus, then I'm a bit surprised.
>
I'm not well-informed about Binder, though from reading about it, it
seems to be modeled on and comparable to COM.
>From what I can
On Mon, Apr 27, 2015 at 9:33 AM, David Herrmann wrote:
> On Mon, Apr 27, 2015 at 6:13 PM, Andy Lutomirski wrote:
>> 2. This is a nice thought, but it doesn't work in practice. Sorry.
>> I can give you a big pile of CVEs from last year if you like, or I can
>> try explaining again.
>>
>> The iss
Hi
On Mon, Apr 27, 2015 at 6:13 PM, Andy Lutomirski wrote:
from the client that accesses a service. The client asks a service
provider to perform an action. The service provider then asks the
authorization-framework, whether the client is authorized to run the
action.
>>>
>>>
On Mon, Apr 27, 2015 at 8:50 AM, David Herrmann wrote:
> Hi
>
> On Mon, Apr 27, 2015 at 4:57 PM, One Thousand Gnomes
> wrote:
>>> But this is not how authorization with polkit works (or anything
>>> similar to polkit). The authorization-framework is totally separated
>>
>> Thats a detail which is
Hi
On Mon, Apr 27, 2015 at 4:57 PM, One Thousand Gnomes
wrote:
>> But this is not how authorization with polkit works (or anything
>> similar to polkit). The authorization-framework is totally separated
>
> Thats a detail which is changeable
It's not a detail, it's a design choice. But see at th
> But this is not how authorization with polkit works (or anything
> similar to polkit). The authorization-framework is totally separated
Thats a detail which is changeable
> from the client that accesses a service. The client asks a service
> provider to perform an action. The service provider t
On Thu, Apr 23, 2015 at 12:41:18PM -0700, Andy Lutomirski wrote:
> On Thu, Apr 23, 2015 at 11:48 AM, Linus Torvalds
> wrote:
> > On Thu, Apr 23, 2015 at 10:57 AM, Linus Torvalds
[...]
> Objection 2: There's a difference between the printer daemon knowing
> that Angry Penguins has general permissio
Hi
On Fri, Apr 24, 2015 at 12:08 AM, Andy Lutomirski wrote:
> Enter kdbus. We now have an unbounded number of possible kdbus calls,
> and somehow users are supposed to keep track of which privileges the
> hold affect which kdbus calls. Either each method should document
> which privileges it lo
Linus wrote:
> It would be insane to say that the open system call should have an
> explicit argument saying that the vfs layer should take your privileges
> into account.
On the contrary, it would be a big improvement on the current interface.
To be clearer, it would be great if the open system
On Thu, Apr 23, 2015 at 2:05 PM, Linus Torvalds
wrote:
> On Thu, Apr 23, 2015 at 12:41 PM, Andy Lutomirski wrote:
>> Objection 2: There's a difference between the printer daemon knowing
>> that Angry Penguins has general permission to print and an explicit
>> assertion by Angry Penguins of its pe
On Thu, Apr 23, 2015 at 12:41 PM, Andy Lutomirski wrote:
>
> Objection 1: This thing is omnidirectional. I'm much less convinced
> that it's okay for Angry Penguins or its associated ad network to find
> out that the printer daemon is uid 38, that it's in cgroup
> such-and-such, or that the print
On Thu, Apr 23, 2015 at 11:48 AM, Linus Torvalds
wrote:
> On Thu, Apr 23, 2015 at 10:57 AM, Linus Torvalds
> wrote:
>>
>> Same goes for uid etc - if you are implementing a service daemon, the
>> uid of the requester sure as hell makes a ton of difference in what
>> you might want to expose. Thing
12 matches
Mail list logo
