Re: [rfc] fcntl: Add F_GETOWNER_UIDS option

From: Cyrill Gorcunov
Date: Fri Mar 30 2012 - 15:56:57 EST

Next message: Greg KH: "[ 000/175] 3.3.1-stable review"
Previous message: Len Brown: "Re: [GIT PULL] ACPI & Power Management patches for Linux-3.4-merge"
In reply to: Kees Cook: "Re: [rfc] fcntl: Add F_GETOWNER_UIDS option"
Next in thread: Oleg Nesterov: "Re: [rfc] fcntl: Add F_GETOWNER_UIDS option"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Mar 30, 2012 at 12:46:51PM -0700, Kees Cook wrote:
> >>
> >> I meant the dumper. Yes, at moment f_get/setown requires no privileges
> >> but I'm not sure if uid/euid is same or less sensible information
> >> than pid, that's why I though CAP_FOWNER might be worth to add, no?
> >
> > Hmm, I would say no, but that might be a good question for kees.
> >
> > IMO it's not sensitive information and so no sense requiring privilege
> > (and encouraging handing out of extra privilage to get at the info)
>
> Nothing jumps out at me about just seeing uid/euid. Everything can be
> construed as an information leak, but this don't seem like something
> that needs special protection.

OK, thanks Kees.

Cyrill
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Greg KH: "[ 000/175] 3.3.1-stable review"
Previous message: Len Brown: "Re: [GIT PULL] ACPI & Power Management patches for Linux-3.4-merge"
In reply to: Kees Cook: "Re: [rfc] fcntl: Add F_GETOWNER_UIDS option"
Next in thread: Oleg Nesterov: "Re: [rfc] fcntl: Add F_GETOWNER_UIDS option"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]