Re: [RFC][PATCH v3] Unprivileged: Disable raising of privileges

From: Pavel Machek <hidden>
Date: 2010-01-01 10:28:44
Also in: lkml

Possibly related (same subject, not in this thread)

2010-01-03 · Re: [RFC][PATCH v3] Unprivileged: Disable raising of privileges · Peter Dolding <hidden>
2010-01-02 · Re: [RFC][PATCH v3] Unprivileged: Disable raising of privileges · Peter Dolding <hidden>
2010-01-01 · Re: [RFC][PATCH v3] Unprivileged: Disable raising of privileges · Casey Schaufler <casey@schaufler-ca.com>
2010-01-01 · Re: [RFC][PATCH v3] Unprivileged: Disable raising of privileges · Alan Cox <hidden>
2010-01-01 · Re: [RFC][PATCH v3] Unprivileged: Disable raising of privileges · Casey Schaufler <casey@schaufler-ca.com>

quoted

Added bprm->nosuid to make remove the need to add
duplicate error prone checks.  This ensures that
the disabling of suid executables is exactly the
same as MNT_NOSUID.

Another fine example of why we have security hooks so that we don't get a
kernel full of other "random security idea of the day" hacks.

well... new unshare functionality depends on this. if unshare is
important enough, this may not be lsm.

(and disablenetwork *should* depend on this)
-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help