On Wed, Nov 5, 2014 at 9:21 AM, David Drysdale wrote:
> On Tue, Nov 4, 2014 at 9:40 AM, David Drysdale wrote:
>> On Mon, Nov 3, 2014 at 5:22 PM, Eric W.Biederman
>> wrote:
>>> On November 3, 2014 7:42:58 AM PST, Andy Lutomirski
>>> wrote:
On Mon, Nov 3, 2014 at 7:20 AM, Al Viro
wrote
On Tue, Nov 4, 2014 at 9:40 AM, David Drysdale wrote:
> On Mon, Nov 3, 2014 at 5:22 PM, Eric W.Biederman
> wrote:
>> On November 3, 2014 7:42:58 AM PST, Andy Lutomirski
>> wrote:
>>>On Mon, Nov 3, 2014 at 7:20 AM, Al Viro
>>>wrote:
On Mon, Nov 03, 2014 at 11:48:23AM +, David Drysdale
On Mon, Nov 3, 2014 at 5:22 PM, Eric W.Biederman wrote:
> On November 3, 2014 7:42:58 AM PST, Andy Lutomirski
> wrote:
>>On Mon, Nov 3, 2014 at 7:20 AM, Al Viro
>>wrote:
>>> On Mon, Nov 03, 2014 at 11:48:23AM +, David Drysdale wrote:
Add a new O_BENEATH flag for openat(2) which restric
On Mon, Nov 3, 2014 at 10:25 AM, Julien Tinnes wrote:
> On Mon, Nov 3, 2014 at 9:37 AM, David Drysdale wrote:
>>
>> On Mon, Nov 3, 2014 at 3:42 PM, Andy Lutomirski
>> wrote:
>> > On Mon, Nov 3, 2014 at 7:20 AM, Al Viro wrote:
>> >> On Mon, Nov 03, 2014 at 11:48:23AM +, David Drysdale wrote:
On Mon, Nov 3, 2014 at 9:37 AM, David Drysdale wrote:
> On Mon, Nov 3, 2014 at 3:42 PM, Andy Lutomirski wrote:
>> This is extremely useful in conjunction with seccomp.
>
> Yes, that was my understanding of how the Chrome[OS] folk wanted
> to use it.
Yes, exactly. Without this, if we want to give
On Mon, Nov 3, 2014 at 3:42 PM, Andy Lutomirski wrote:
> On Mon, Nov 3, 2014 at 7:20 AM, Al Viro wrote:
>> On Mon, Nov 03, 2014 at 11:48:23AM +, David Drysdale wrote:
>>> Add a new O_BENEATH flag for openat(2) which restricts the
>>> provided path, rejecting (with -EACCES) paths that are not
On November 3, 2014 7:42:58 AM PST, Andy Lutomirski wrote:
>On Mon, Nov 3, 2014 at 7:20 AM, Al Viro
>wrote:
>> On Mon, Nov 03, 2014 at 11:48:23AM +, David Drysdale wrote:
>>> Add a new O_BENEATH flag for openat(2) which restricts the
>>> provided path, rejecting (with -EACCES) paths that ar
On Mon, Nov 3, 2014 at 7:20 AM, Al Viro wrote:
> On Mon, Nov 03, 2014 at 11:48:23AM +, David Drysdale wrote:
>> Add a new O_BENEATH flag for openat(2) which restricts the
>> provided path, rejecting (with -EACCES) paths that are not beneath
>> the provided dfd. In particular, reject:
>> - pa
On Mon, Nov 03, 2014 at 11:48:23AM +, David Drysdale wrote:
> Add a new O_BENEATH flag for openat(2) which restricts the
> provided path, rejecting (with -EACCES) paths that are not beneath
> the provided dfd. In particular, reject:
> - paths that contain .. components
> - paths that begin w
Add a new O_BENEATH flag for openat(2) which restricts the
provided path, rejecting (with -EACCES) paths that are not beneath
the provided dfd. In particular, reject:
- paths that contain .. components
- paths that begin with /
- symlinks that have paths as above.
Signed-off-by: David Drysdale
10 matches
Mail list logo