On 12/22/2012 05:58 PM, Maxim Kammerer wrote:
Hi Anthony,
Is user.* xattrs on tmpfs considered safe now? (Referring to
meeting-2012-11-14_20_00UTC.log.)
As a side note, why does XATTR_PAX use user.* and not security.* namespace?
An updated patch by pipacs limits tmpfs to just user.pax.* namespace,
and even then there is a size limit. The size check is critical and
what was originally missing.
XATTR_PAX uses user.* so that a non-privileged user can set flags on
their own ELF objects as they can with PT_PAX. Primarily the concern is
on processes running as root. There PaX hedges against escalation.
There is no danger of escalation when it comes to processes that below
to a low privileged user.
--
Anthony G. Basile, Ph. D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
(716) 829-8197
