Re: [PATCH 2/3] Security: Implement disablenetwork semantics. (v4)

From: Pavel Machek
Date: Thu Jan 14 2010 - 10:03:13 EST

Please fix your email settings.

On Tue 2010-01-12 18:30:56, David Wagner wrote:
> Serge E. Hallyn wrote:
> >Michael, I'm sorry, I should go back and search the thread for the
> >answer, but don't have time right now - do you really need
> >disablenetwork to be available to unprivileged users?
> I don't know about Michael's specific case, but answering more
> broadly, Yes. There are important use cases for disablenetwork for
> unprivileged users. Basically, it facilitates privilege separation,
> which is hard to do today. A privilege-separated software architecture
> is useful for a broad variety of programs that talk to the network --
> some/many of which are unprivileged. For instance, the very original
> post on this topic referred to a proposal by Dan Bernstein, where Dan
> points out that (for instance) it would make be useful if we could start
> a separate process for decompression (or image file transformation),
> running that separate process with no privileges (including no network
> access) to reduce the impact of vulnerabilities in that code. Think
> of, say, a browser that needs to convert a .jpg to a bitmap; that
> would be an example of an unprivileged program that could benefit
> from the disablenetwork feature, because it could spawn a separate
> process to do the image conversion.

That's still ok; but is there need for unpriviledged helper executing
setuid probgrams? I don't think so...
(cesky, pictures)
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at