On Sat, Nov 07, 2015 at 12:02:47PM +0100, Klaus Ethgen wrote:
> Hi Guys,
>
> Am Fr den 6. Nov 2015 um 19:18 schrieb Serge E. Hallyn:
> > I would have been happy if there had been a default-off PR_ENABLE_AMBIENT
> > prctl which required a new CAP_ENABLE_AMBIENT capability to turn on, but
> > the
On Sat, Nov 07, 2015 at 12:02:47PM +0100, Klaus Ethgen wrote:
> Hi Guys,
>
> Am Fr den 6. Nov 2015 um 19:18 schrieb Serge E. Hallyn:
> > I would have been happy if there had been a default-off PR_ENABLE_AMBIENT
> > prctl which required a new CAP_ENABLE_AMBIENT capability to turn on, but
> > the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi Guys,
Am Fr den 6. Nov 2015 um 19:18 schrieb Serge E. Hallyn:
> On Fri, Nov 06, 2015 at 06:56:20PM +0100, Klaus Ethgen wrote:
> > Am Fr den 6. Nov 2015 um 16:53 schrieb Theodore Ts'o:
> > > In the light of that, using things like ambient
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi Guys,
Am Fr den 6. Nov 2015 um 19:18 schrieb Serge E. Hallyn:
> On Fri, Nov 06, 2015 at 06:56:20PM +0100, Klaus Ethgen wrote:
> > Am Fr den 6. Nov 2015 um 16:53 schrieb Theodore Ts'o:
> > > In the light of that, using things like ambient
On Fri, Nov 06, 2015 at 06:56:20PM +0100, Klaus Ethgen wrote:
> Am Fr den 6. Nov 2015 um 16:53 schrieb Theodore Ts'o:
> > In the light of that, using things like ambient capabilities, or using
> > setuid binary that immediately drops all caps that it needs, is
> > probably the best we're going to
On Fri, Nov 06, 2015 at 09:51:15AM -0800, Casey Schaufler wrote:
> On 11/6/2015 7:53 AM, Theodore Ts'o wrote:
> > On Fri, Nov 06, 2015 at 02:58:36PM +0100, Klaus Ethgen wrote:
> >> But that left out completely the, I think more important, usecase of
> >> _removing_ SUID completely and _replacing_
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Am Fr den 6. Nov 2015 um 16:53 schrieb Theodore Ts'o:
> On Fri, Nov 06, 2015 at 02:58:36PM +0100, Klaus Ethgen wrote:
> > But that left out completely the, I think more important, usecase of
> > _removing_ SUID completely and _replacing_ it with
On 11/6/2015 7:53 AM, Theodore Ts'o wrote:
> On Fri, Nov 06, 2015 at 02:58:36PM +0100, Klaus Ethgen wrote:
>> But that left out completely the, I think more important, usecase of
>> _removing_ SUID completely and _replacing_ it with very tight capability
>> setting. And that is what I always
On Fri, Nov 6, 2015 at 7:53 AM, Theodore Ts'o wrote:
> On Fri, Nov 06, 2015 at 02:58:36PM +0100, Klaus Ethgen wrote:
>> But that left out completely the, I think more important, usecase of
>> _removing_ SUID completely and _replacing_ it with very tight capability
>> setting. And that is what I
On Fri, Nov 06, 2015 at 02:58:36PM +0100, Klaus Ethgen wrote:
> But that left out completely the, I think more important, usecase of
> _removing_ SUID completely and _replacing_ it with very tight capability
> setting. And that is what I always talked about.
I don't believe this is ever going to
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi,
Am Do den 5. Nov 2015 um 23:08 schrieb Serge E. Hallyn:
> On Thu, Nov 05, 2015 at 11:01:07AM -0800, Andy Lutomirski wrote:
> > On Thu, Nov 5, 2015 at 9:48 AM, Klaus Ethgen wrote:
> > > -BEGIN PGP SIGNED MESSAGE-
> > > Hash: SHA512
> >
On Fri, Nov 06, 2015 at 02:58:36PM +0100, Klaus Ethgen wrote:
> But that left out completely the, I think more important, usecase of
> _removing_ SUID completely and _replacing_ it with very tight capability
> setting. And that is what I always talked about.
I don't believe this is ever going to
On Fri, Nov 6, 2015 at 7:53 AM, Theodore Ts'o wrote:
> On Fri, Nov 06, 2015 at 02:58:36PM +0100, Klaus Ethgen wrote:
>> But that left out completely the, I think more important, usecase of
>> _removing_ SUID completely and _replacing_ it with very tight capability
>> setting. And
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi,
Am Do den 5. Nov 2015 um 23:08 schrieb Serge E. Hallyn:
> On Thu, Nov 05, 2015 at 11:01:07AM -0800, Andy Lutomirski wrote:
> > On Thu, Nov 5, 2015 at 9:48 AM, Klaus Ethgen wrote:
> > > -BEGIN PGP SIGNED MESSAGE-
On 11/6/2015 7:53 AM, Theodore Ts'o wrote:
> On Fri, Nov 06, 2015 at 02:58:36PM +0100, Klaus Ethgen wrote:
>> But that left out completely the, I think more important, usecase of
>> _removing_ SUID completely and _replacing_ it with very tight capability
>> setting. And that is what I always
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Am Fr den 6. Nov 2015 um 16:53 schrieb Theodore Ts'o:
> On Fri, Nov 06, 2015 at 02:58:36PM +0100, Klaus Ethgen wrote:
> > But that left out completely the, I think more important, usecase of
> > _removing_ SUID completely and _replacing_ it with
On Fri, Nov 06, 2015 at 09:51:15AM -0800, Casey Schaufler wrote:
> On 11/6/2015 7:53 AM, Theodore Ts'o wrote:
> > On Fri, Nov 06, 2015 at 02:58:36PM +0100, Klaus Ethgen wrote:
> >> But that left out completely the, I think more important, usecase of
> >> _removing_ SUID completely and _replacing_
On Fri, Nov 06, 2015 at 06:56:20PM +0100, Klaus Ethgen wrote:
> Am Fr den 6. Nov 2015 um 16:53 schrieb Theodore Ts'o:
> > In the light of that, using things like ambient capabilities, or using
> > setuid binary that immediately drops all caps that it needs, is
> > probably the best we're going to
18 matches
Mail list logo