On 10/31/07, Crispin Cowan [EMAIL PROTECTED] wrote:
Peter Dolding wrote:
Lets end the bitrot. Start having bits go into the main OS security
features where they should be.
Linus categorically rejected this idea, several times, very clearly.
He did so because the security community
2007/10/31, Crispin Cowan [EMAIL PROTECTED]:
Peter Dolding wrote:
Lets end the bitrot. Start having bits go into the main OS security
features where they should be.
Linus categorically rejected this idea, several times, very clearly.
He did so because the security community cannot agree
Quoting Olaf Dietsche ([EMAIL PROTECTED]):
This patch implements filesystem capabilities. It allows to
run privileged executables without the need for suid root.
Changes:
- updated to 2.6.23
- fix const correctness
- fix secureexec
This patch is available at:
On Sat, 2007-10-27 at 08:14 +1000, James Morris wrote:
On Fri, 26 Oct 2007, Serge E. Hallyn wrote:
It wouldn't be much effort to rebase this patch against Linus's latest
tree. I am assuming that the static lsm patch is in there based on the
recent discussion on LKML?
Oh, sorry for
From 5bff8967f45a35f858b96ca673d9bf98eac53d49 Mon Sep 17 00:00:00 2001
From: Serge E. Hallyn [EMAIL PROTECTED]
Date: Wed, 31 Oct 2007 11:22:04 -0500
Subject: [PATCH 1/1] file capabilities: allow sigcont within session (v2)
(This is a proposed fix to
Hello,
I found several places performing mknod and mkdir operations without the proper
security_inode_permission/mknod/mkdir checks. But I am not sure if it is that
usbfs does not use LSM at all or there are real security violations.
One such example is as follows.
In
The Clear and Important thing is there is already a single security framework.
The single security framework is the security that exists when no LSM
is loaded. It turns out the more I look most of my model already
exists just not being used effectively. There is a capabilities frame
work at
On 11/1/07, Casey Schaufler [EMAIL PROTECTED] wrote:
--- Peter Dolding [EMAIL PROTECTED] wrote:
Improvements to the single security framework are getting over looked.
Please post proposed patches.
I would have personally though selinux would have done Posix file
capabilities as a
On Wed, Oct 31, 2007 at 07:02:27PM -0500, Tan, Lin wrote:
Hello,
I found several places performing mknod and mkdir operations without
the proper security_inode_permission/mknod/mkdir checks. But I am not
sure if it is that usbfs does not use LSM at all or there are real
security violations.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[kernel/signal.c:check_kill_permission() could probably benefit from
getting more consistently indented!]
I'm not sure I can grok your comment. Did you mean:
/* as per, check_kill_permission(), permit if tasks have same uid */
As to content:
10 matches
Mail list logo