Re: [PATCH v2] kernel: Conditionally support non-root users, groups and capabilities

From: Paul E. McKenney
Date: Sun Feb 01 2015 - 14:45:27 EST

Next message: KY Srinivasan: "RE: [PATCH 2/3] hv: vmbus_post_msg: retry the hypercall on HV_STATUS_INVALID_CONNECTION_ID"
Previous message: Oleg Nesterov: "Re: Linux 3.19-rc5"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, Feb 01, 2015 at 12:33:23AM +0100, Richard Weinberger wrote:
> Am 01.02.2015 um 00:30 schrieb Paul E. McKenney:
> > On Fri, Jan 30, 2015 at 10:56:14PM +0100, Richard Weinberger wrote:
> >> On Fri, Jan 30, 2015 at 10:40 PM, Josh Triplett <josh@xxxxxxxxxxxxxxxx> wrote:
> >>> *Today*, Linux is a challenging choice for a tiny embedded system.
> >>> We're trying to fix that.
> >>
> >> Can you please more specific about the embedded systems exactly you're
> >> talking about?
> >>
> >> I find this patch rather controversial as it removes a lot of security.
> >> Embedded systems *are* a target for all kind of attacks.
> >> Misguided embedded engineers will abuse this feature and produce even more
> >> weak targets.
> >
> > Without this patch, those same engineers would simply run everything as
> > root. "Make a foolproof system, and they will invent a better fool". ;-)
>
> Luckily many services will run as non-root by default and some even refuse to
> run as root. :-)

Here is hoping that this helps those engineers to use a decent security
model for their devices! ;-)

Thanx, Paul

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: KY Srinivasan: "RE: [PATCH 2/3] hv: vmbus_post_msg: retry the hypercall on HV_STATUS_INVALID_CONNECTION_ID"
Previous message: Oleg Nesterov: "Re: Linux 3.19-rc5"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]