Re: [RFC][PATCHES] iov_iter.c rewrite
From: Dave Jones
Date: Mon Dec 08 2014 - 14:16:14 EST
On Mon, Dec 08, 2014 at 11:01:41AM -0800, Linus Torvalds wrote:
> On Mon, Dec 8, 2014 at 10:56 AM, Kirill A. Shutemov
> <kirill@xxxxxxxxxxxxx> wrote:
> >
> > trinity triggers it for me in few minutes. I will try find out more once
> > get some time.
>
> You run trinity as *root*?
>
> You're a brave man. Stupid, but brave ;)
>
> I guess you're running it in a VM, but still.. Doing random system
> calls as root sounds like a bad bad idea.
I've flip-flopped on this a few times. I used to be solidly in the same
position as your statement, but after seeing the things the secure-boot
crowd want to lock down, there are a ton of places in the kernel that
would need additional root-proofing to avoid scribbling over kernel
memory.
In short though, yeah, expect fireworks right now, especially on bare-metal.
At the same time, just to increase coverage testing of a lot of
root-required functionality (like various network sockets that can't be
opened as a regular user) I added a --drop-privs mode to trinity a while
ago, so after the socket creation, it can't do anything _too_ crazy.
Dave
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/