Re: [PATCH PLACEHOLDER 1/3] fs/exec: "always_unprivileged" patch

From: Linus Torvalds
Date: Thu Jan 12 2012 - 18:48:31 EST


On Thu, Jan 12, 2012 at 3:38 PM, Will Drewry <wad@xxxxxxxxxxxx> wrote:
> This patch is a placeholder until Andy's (luto@xxxxxxx) patch arrives
> implementing Linus's proposal for applying a "this is a process that has
> *no* extra privileges at all, and can never get them".

I think we can simplify and improve the naming/logic by just saying
"can't change privileges".

I'd argue that that even includes "can't drop them", just to make it
really clear what the rules are.

So the usage model would be to first simply set the privileges to
whatever you want the sandbox to be, and then enter the restricted
mode.

Linus
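The usage model Linus describes, "set the privileges to whatever you want the sandbox to be, then enter the restricted mode", as an added C example that is not part of this thread or of the placeholder patch. It assumes the mechanism that this discussion later became, the PR_SET_NO_NEW_PRIVS prctl (the thread itself does not name it); the identity-switching step stands in for whatever privilege setup a real sandbox would do, and the uid/gid values are whatever the caller passes in.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <unistd.h>

/* Step 1 of the usage model: settle the sandbox's privileges first.
 * "Privileges" here is just the uid/gid. If we run as root and the caller
 * asked for an unprivileged identity, switch all three ids (real, effective,
 * saved) so there is no saved-set id to climb back to.
 * Returns 0 on success, -errno on failure. */
static int settle_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() != 0 || (uid == 0 && gid == 0))
        return 0;               /* not root, or asked to stay root: nothing to change */
    if (setresgid(gid, gid, gid) != 0)
        return -errno;
    if (setresuid(uid, uid, uid) != 0)
        return -errno;
    return 0;
}

/* Step 2: enter the restricted mode. From here on the process (and every
 * child it forks or execs) can no longer gain privileges: setuid/setgid
 * bits and file capabilities are ignored on execve. The bit cannot be
 * cleared again, which is the "can't change privileges" rule made literal. */
static int lock_privileges(void)
{
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -errno;
    return 0;
}

/* Check: 1 if the lock is set, 0 if not, -errno on error. */
int privileges_locked(void)
{
    int r = prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0);
    return r < 0 ? -errno : r;
}

/* The whole sequence in order: settle first, lock second, then verify.
 * Returns 1 once the lock is confirmed, a negative errno otherwise. */
int enter_sandbox(uid_t uid, gid_t gid)
{
    int r = settle_privileges(uid, gid);
    if (r != 0)
        return r;
    r = lock_privileges();
    if (r != 0)
        return r;
    return privileges_locked();
}

int main(void)
{
    /* Keep the current identity; the point here is the ordering, not the ids. */
    int r = enter_sandbox(getuid(), getgid());
    if (r != 1) {
        fprintf(stderr, "enter_sandbox: %s\n", strerror(-r));
        return 1;
    }
    printf("restricted mode entered: uid=%u, no_new_privs=1\n", (unsigned)geteuid());
    return 0;
}
```

The order matters: anything the sandbox still needs to do as root (binding a port, switching ids, dropping capabilities) must happen in the settle step, because once the lock is set the process has no way to regain what it gave up, and any later attempt to run a setuid helper simply runs it unprivileged.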