Re: PATCH: signals security

Alexander Kjeldaas (astor@guardian.no)
Fri, 22 May 1998 11:42:37 +0200


On Fri, May 22, 1998 at 03:55:40AM +0200, Rik van Riel wrote:
> On Fri, 22 May 1998, Alexander Kjeldaas wrote:
>
> > However, I'm not sure whether this cap_dirty thing is generally
> > useful, or whether all that is needed is a special-case for
> > CAP_RAW_IO. Generalizing it through cap_dirty, however, is probably as
> > simple as a patch implementing a single PF_RAWIO flag.
>
> We can use it for all sorts of things. We might, for
> instance, use it in the scheduler, in network or VM
> stuff or in other places.
>
> Another use for it is to let the programmer of
> security-dangerous programs know how much of the
> capabilities requested are actually used.
> This might give better security in the long run
> because programs will only ask for the capabilities
> they actually need.

Yes. Maybe.

>
> Exporting it in /proc probably _is_ a good idea.
> You can just disallow access to other users and
> return zero when p->euid!=p->uid.
>

Exporting cap_used is a good idea. I still don't think exporting
cap_dirty is a good idea since you have to know that none of the bits
in cap_dirty were tainted in a process whose euid!=current->euid.

astor

-- 
 Alexander Kjeldaas, Guardian Networks AS, Trondheim, Norway
 http://www.guardian.no/
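
The export check the two messages above argue about, as a small user-space C model added here (it is not code from the thread, from Rik's patch, or from any kernel tree). The thread names cap_used and cap_dirty but does not spell out what cap_dirty holds, so the model only records, per bit, whether the capability was exercised while euid != uid; the field name cap_tainted, the capability numbers, the uid values and the setuid-helper scenario are all assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>

/* Capability numbers for this model (assumed; any distinct bit positions work). */
enum { CAP_NET_ADMIN = 12, CAP_SYS_RAWIO = 17, CAP_SYS_ADMIN = 21 };

typedef uint32_t cap_t;
#define CAP_BIT(c) ((cap_t)1u << (c))

/* Stand-in for the task fields under discussion (field names are assumptions). */
struct task {
    unsigned uid, euid;
    cap_t cap_effective;  /* capabilities the task may exercise right now */
    cap_t cap_used;       /* every capability exercised so far */
    cap_t cap_tainted;    /* subset of cap_used exercised while euid != uid */
};

/* Exercise one capability: refuse unless it is effective, otherwise record
 * it and remember whether the task was running as someone else (euid != uid). */
int task_use_cap(struct task *t, int cap)
{
    if (!(t->cap_effective & CAP_BIT(cap)))
        return -1;                              /* would be -EPERM in the kernel */
    t->cap_used |= CAP_BIT(cap);
    if (t->euid != t->uid)
        t->cap_tainted |= CAP_BIT(cap);
    return 0;
}

/* Return to the real user, keeping only the capabilities in `keep`. */
void task_drop_privileges(struct task *t, cap_t keep)
{
    t->euid = t->uid;
    t->cap_effective &= keep;
}

/* The /proc export as proposed in the thread: zero while euid != uid,
 * otherwise the raw bitmap. */
cap_t proc_export_naive(const struct task *t)
{
    return t->euid != t->uid ? 0 : t->cap_used;
}

/* The objection applied: bits recorded under a borrowed identity stay
 * hidden even after the task is back to euid == uid. */
cap_t proc_export_safe(const struct task *t)
{
    if (t->euid != t->uid)
        return 0;
    return t->cap_used & ~t->cap_tainted;
}

/* Constructed scenario: a setuid-root helper started by uid 1000 uses
 * CAP_SYS_RAWIO and CAP_NET_ADMIN as root, drops back to uid 1000 keeping
 * only CAP_SYS_ADMIN, and then uses that one. */
static struct task run_setuid_helper(int *denied_after_drop, cap_t *export_while_privileged)
{
    struct task t = {
        .uid = 1000, .euid = 0,
        .cap_effective = CAP_BIT(CAP_SYS_RAWIO) | CAP_BIT(CAP_NET_ADMIN) | CAP_BIT(CAP_SYS_ADMIN),
    };
    task_use_cap(&t, CAP_SYS_RAWIO);
    task_use_cap(&t, CAP_NET_ADMIN);
    *export_while_privileged = proc_export_naive(&t);    /* gate holds: euid != uid */
    task_drop_privileges(&t, CAP_BIT(CAP_SYS_ADMIN));
    task_use_cap(&t, CAP_SYS_ADMIN);
    *denied_after_drop = task_use_cap(&t, CAP_SYS_RAWIO); /* no longer effective */
    return t;
}

cap_t scenario_export_while_privileged(void)
{
    int d; cap_t e;
    run_setuid_helper(&d, &e);
    return e;                        /* 0: the read-time gate works here */
}

cap_t scenario_naive_export(void)
{
    int d; cap_t e;
    struct task t = run_setuid_helper(&d, &e);
    return proc_export_naive(&t);    /* leaks the root-phase bits to uid 1000 */
}

cap_t scenario_safe_export(void)
{
    int d; cap_t e;
    struct task t = run_setuid_helper(&d, &e);
    return proc_export_safe(&t);     /* only the bit exercised as uid 1000 */
}

int scenario_denied_after_drop(void)
{
    int d; cap_t e;
    run_setuid_helper(&d, &e);
    return d;
}

int main(void)
{
    printf("export while privileged: %#x\n", scenario_export_while_privileged());
    printf("naive export after drop: %#x\n", scenario_naive_export());
    printf("safe export after drop:  %#x\n", scenario_safe_export());
    printf("RAWIO after drop:        %d\n", scenario_denied_after_drop());
    return 0;
}
```

The point the model makes is that a read-time check on p->euid != p->uid only protects the window in which the identities differ; once a setuid program has dropped back to its real user, the accumulated bitmap passes the check and reveals which capabilities were exercised as root. Recording the taint at the moment a bit is set, and masking those bits out on export, is the conservative reading of the objection: a capability used both before and after the drop stays hidden, which costs the programmer some information but never shows the real user something that happened under another identity.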

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu