On Wed, Oct 09, 2013 at 06:27:22PM +0100, Andy Lutomirski wrote:
> On Wed, Oct 9, 2013 at 11:54 AM, Djalal Harouni wrote:
> > On Mon, Oct 07, 2013 at 02:41:33PM -0700, Andy Lutomirski wrote:
> >> On Sat, Oct 5, 2013 at 6:23 AM, Djalal Harouni wrote:
> >> > On Fri, Oct 04, 2013 at 03:17:08PM
On Wed, Oct 09, 2013 at 06:27:22PM +0100, Andy Lutomirski wrote:
On Wed, Oct 9, 2013 at 11:54 AM, Djalal Harouni tix...@opendz.org wrote:
On Mon, Oct 07, 2013 at 02:41:33PM -0700, Andy Lutomirski wrote:
On Sat, Oct 5, 2013 at 6:23 AM, Djalal Harouni tix...@opendz.org wrote:
On Fri, Oct 04,
On Wed, Oct 9, 2013 at 11:54 AM, Djalal Harouni wrote:
> On Mon, Oct 07, 2013 at 02:41:33PM -0700, Andy Lutomirski wrote:
>> On Sat, Oct 5, 2013 at 6:23 AM, Djalal Harouni wrote:
>> > On Fri, Oct 04, 2013 at 03:17:08PM -0700, Andy Lutomirski wrote:
>> >>
>> >> Exactly. Hence the NAK.
>> > But
On Wed, Oct 09, 2013 at 11:54:02AM +0100, Djalal Harouni wrote:
> On Mon, Oct 07, 2013 at 02:41:33PM -0700, Andy Lutomirski wrote:
> > On Sat, Oct 5, 2013 at 6:23 AM, Djalal Harouni wrote:
> > > On Fri, Oct 04, 2013 at 03:17:08PM -0700, Andy Lutomirski wrote:
> > >>
> > >> Exactly. Hence the
On Mon, Oct 07, 2013 at 02:41:33PM -0700, Andy Lutomirski wrote:
> On Sat, Oct 5, 2013 at 6:23 AM, Djalal Harouni wrote:
> > On Fri, Oct 04, 2013 at 03:17:08PM -0700, Andy Lutomirski wrote:
> >>
> >> Exactly. Hence the NAK.
> > But having two LSM Hooks there is really not practical!
>
> It'd
On Fri, Oct 04, 2013 at 05:35:22PM -0700, Eric W. Biederman wrote:
> Andy Lutomirski writes:
>
> > On Fri, Oct 4, 2013 at 3:55 PM, Eric W. Biederman
> > wrote:
> >> Andy Lutomirski writes:
> >>
> >>> On Fri, Oct 4, 2013 at 12:41 PM, Djalal Harouni wrote:
> On Fri, Oct 04, 2013 at
On Fri, Oct 04, 2013 at 05:35:22PM -0700, Eric W. Biederman wrote:
Andy Lutomirski l...@amacapital.net writes:
On Fri, Oct 4, 2013 at 3:55 PM, Eric W. Biederman ebied...@xmission.com
wrote:
Andy Lutomirski l...@amacapital.net writes:
On Fri, Oct 4, 2013 at 12:41 PM, Djalal Harouni
On Mon, Oct 07, 2013 at 02:41:33PM -0700, Andy Lutomirski wrote:
On Sat, Oct 5, 2013 at 6:23 AM, Djalal Harouni tix...@opendz.org wrote:
On Fri, Oct 04, 2013 at 03:17:08PM -0700, Andy Lutomirski wrote:
Exactly. Hence the NAK.
But having two LSM Hooks there is really not practical!
On Wed, Oct 09, 2013 at 11:54:02AM +0100, Djalal Harouni wrote:
On Mon, Oct 07, 2013 at 02:41:33PM -0700, Andy Lutomirski wrote:
On Sat, Oct 5, 2013 at 6:23 AM, Djalal Harouni tix...@opendz.org wrote:
On Fri, Oct 04, 2013 at 03:17:08PM -0700, Andy Lutomirski wrote:
Exactly. Hence the
On Wed, Oct 9, 2013 at 11:54 AM, Djalal Harouni tix...@opendz.org wrote:
On Mon, Oct 07, 2013 at 02:41:33PM -0700, Andy Lutomirski wrote:
On Sat, Oct 5, 2013 at 6:23 AM, Djalal Harouni tix...@opendz.org wrote:
On Fri, Oct 04, 2013 at 03:17:08PM -0700, Andy Lutomirski wrote:
Exactly. Hence
On Sat, Oct 5, 2013 at 6:23 AM, Djalal Harouni wrote:
> On Fri, Oct 04, 2013 at 03:17:08PM -0700, Andy Lutomirski wrote:
>>
>> Exactly. Hence the NAK.
> But having two LSM Hooks there is really not practical!
It'd be doable *if* it turns out that it's the right solution.
But revoke seems much
On Sat, Oct 5, 2013 at 6:23 AM, Djalal Harouni tix...@opendz.org wrote:
On Fri, Oct 04, 2013 at 03:17:08PM -0700, Andy Lutomirski wrote:
Exactly. Hence the NAK.
But having two LSM Hooks there is really not practical!
It'd be doable *if* it turns out that it's the right solution.
But revoke
On Fri, Oct 04, 2013 at 03:17:08PM -0700, Andy Lutomirski wrote:
> On Fri, Oct 4, 2013 at 12:41 PM, Djalal Harouni wrote:
> > On Fri, Oct 04, 2013 at 12:32:09PM -0700, Andy Lutomirski wrote:
> >> On Fri, Oct 4, 2013 at 12:27 PM, Djalal Harouni wrote:
> >> > On Fri, Oct 04, 2013 at 12:16:26PM
On Fri, Oct 04, 2013 at 03:17:08PM -0700, Andy Lutomirski wrote:
On Fri, Oct 4, 2013 at 12:41 PM, Djalal Harouni tix...@opendz.org wrote:
On Fri, Oct 04, 2013 at 12:32:09PM -0700, Andy Lutomirski wrote:
On Fri, Oct 4, 2013 at 12:27 PM, Djalal Harouni tix...@opendz.org wrote:
On Fri, Oct
Andy Lutomirski writes:
> On Fri, Oct 4, 2013 at 3:55 PM, Eric W. Biederman
> wrote:
>> Andy Lutomirski writes:
>>
>>> On Fri, Oct 4, 2013 at 12:41 PM, Djalal Harouni wrote:
On Fri, Oct 04, 2013 at 12:32:09PM -0700, Andy Lutomirski wrote:
> On Fri, Oct 4, 2013 at 12:27 PM, Djalal
On Fri, Oct 4, 2013 at 3:59 PM, Andy Lutomirski wrote:
>
> I'd really like a solution where there are no read or write
> implementations in the entire kernel that check permissions. Failing
> that, just getting it for procfs would be nice. (uid_map, etc will
> probably need to be revoked on
On Fri, Oct 4, 2013 at 3:55 PM, Eric W. Biederman wrote:
> Andy Lutomirski writes:
>
>> On Fri, Oct 4, 2013 at 12:41 PM, Djalal Harouni wrote:
>>> On Fri, Oct 04, 2013 at 12:32:09PM -0700, Andy Lutomirski wrote:
On Fri, Oct 4, 2013 at 12:27 PM, Djalal Harouni wrote:
>
> So sorry
Andy Lutomirski writes:
> On Fri, Oct 4, 2013 at 12:41 PM, Djalal Harouni wrote:
>> On Fri, Oct 04, 2013 at 12:32:09PM -0700, Andy Lutomirski wrote:
>>> On Fri, Oct 4, 2013 at 12:27 PM, Djalal Harouni wrote:
>>> > So sorry Andy, I don't follow what you are describing.
>>>
>>> And what
On Fri, Oct 4, 2013 at 12:41 PM, Djalal Harouni wrote:
> On Fri, Oct 04, 2013 at 12:32:09PM -0700, Andy Lutomirski wrote:
>> On Fri, Oct 4, 2013 at 12:27 PM, Djalal Harouni wrote:
>> > On Fri, Oct 04, 2013 at 12:16:26PM -0700, Andy Lutomirski wrote:
>> >> On Fri, Oct 4, 2013 at 12:11 PM, Djalal
On Fri, Oct 04, 2013 at 12:32:09PM -0700, Andy Lutomirski wrote:
> On Fri, Oct 4, 2013 at 12:27 PM, Djalal Harouni wrote:
> > On Fri, Oct 04, 2013 at 12:16:26PM -0700, Andy Lutomirski wrote:
> >> On Fri, Oct 4, 2013 at 12:11 PM, Djalal Harouni wrote:
> >> > On Fri, Oct 04, 2013 at 07:34:08PM
On Fri, Oct 4, 2013 at 12:27 PM, Djalal Harouni wrote:
> On Fri, Oct 04, 2013 at 12:16:26PM -0700, Andy Lutomirski wrote:
>> On Fri, Oct 4, 2013 at 12:11 PM, Djalal Harouni wrote:
>> > On Fri, Oct 04, 2013 at 07:34:08PM +0100, Andy Lutomirski wrote:
>> >> On Fri, Oct 4, 2013 at 7:23 PM, Djalal
On Fri, Oct 04, 2013 at 12:16:26PM -0700, Andy Lutomirski wrote:
> On Fri, Oct 4, 2013 at 12:11 PM, Djalal Harouni wrote:
> > On Fri, Oct 04, 2013 at 07:34:08PM +0100, Andy Lutomirski wrote:
> >> On Fri, Oct 4, 2013 at 7:23 PM, Djalal Harouni wrote:
> >> > On Fri, Oct 04, 2013 at 04:40:01PM
On Fri, Oct 4, 2013 at 12:11 PM, Djalal Harouni wrote:
> On Fri, Oct 04, 2013 at 07:34:08PM +0100, Andy Lutomirski wrote:
>> On Fri, Oct 4, 2013 at 7:23 PM, Djalal Harouni wrote:
>> > On Fri, Oct 04, 2013 at 04:40:01PM +0100, Andy Lutomirski wrote:
>> >> On Fri, Oct 4, 2013 at 9:59 AM, Djalal
On Fri, Oct 04, 2013 at 07:34:08PM +0100, Andy Lutomirski wrote:
> On Fri, Oct 4, 2013 at 7:23 PM, Djalal Harouni wrote:
> > On Fri, Oct 04, 2013 at 04:40:01PM +0100, Andy Lutomirski wrote:
> >> On Fri, Oct 4, 2013 at 9:59 AM, Djalal Harouni wrote:
> >> > On Thu, Oct 03, 2013 at 02:09:55PM
On Fri, Oct 4, 2013 at 7:23 PM, Djalal Harouni wrote:
> On Fri, Oct 04, 2013 at 04:40:01PM +0100, Andy Lutomirski wrote:
>> On Fri, Oct 4, 2013 at 9:59 AM, Djalal Harouni wrote:
>> > On Thu, Oct 03, 2013 at 02:09:55PM -0700, Andy Lutomirski wrote:
>> >> On Thu, Oct 3, 2013 at 1:13 PM, Djalal
On Fri, Oct 04, 2013 at 04:40:01PM +0100, Andy Lutomirski wrote:
> On Fri, Oct 4, 2013 at 9:59 AM, Djalal Harouni wrote:
> > On Thu, Oct 03, 2013 at 02:09:55PM -0700, Andy Lutomirski wrote:
> >> On Thu, Oct 3, 2013 at 1:13 PM, Djalal Harouni wrote:
> >> > On Thu, Oct 03, 2013 at 12:37:49PM
On Fri, Oct 4, 2013 at 9:59 AM, Djalal Harouni wrote:
> On Thu, Oct 03, 2013 at 02:09:55PM -0700, Andy Lutomirski wrote:
>> On Thu, Oct 3, 2013 at 1:13 PM, Djalal Harouni wrote:
>> > On Thu, Oct 03, 2013 at 12:37:49PM -0700, Andy Lutomirski wrote:
>> >> On Thu, Oct 3, 2013 at 12:29 PM, Djalal
On Thu, Oct 03, 2013 at 02:09:55PM -0700, Andy Lutomirski wrote:
> On Thu, Oct 3, 2013 at 1:13 PM, Djalal Harouni wrote:
> > On Thu, Oct 03, 2013 at 12:37:49PM -0700, Andy Lutomirski wrote:
> >> On Thu, Oct 3, 2013 at 12:29 PM, Djalal Harouni wrote:
> >> > On Thu, Oct 03, 2013 at 04:12:37PM
On Thu, Oct 03, 2013 at 02:09:55PM -0700, Andy Lutomirski wrote:
On Thu, Oct 3, 2013 at 1:13 PM, Djalal Harouni tix...@opendz.org wrote:
On Thu, Oct 03, 2013 at 12:37:49PM -0700, Andy Lutomirski wrote:
On Thu, Oct 3, 2013 at 12:29 PM, Djalal Harouni tix...@opendz.org wrote:
On Thu, Oct 03,
On Fri, Oct 4, 2013 at 9:59 AM, Djalal Harouni tix...@opendz.org wrote:
On Thu, Oct 03, 2013 at 02:09:55PM -0700, Andy Lutomirski wrote:
On Thu, Oct 3, 2013 at 1:13 PM, Djalal Harouni tix...@opendz.org wrote:
On Thu, Oct 03, 2013 at 12:37:49PM -0700, Andy Lutomirski wrote:
On Thu, Oct 3,
On Fri, Oct 04, 2013 at 04:40:01PM +0100, Andy Lutomirski wrote:
On Fri, Oct 4, 2013 at 9:59 AM, Djalal Harouni tix...@opendz.org wrote:
On Thu, Oct 03, 2013 at 02:09:55PM -0700, Andy Lutomirski wrote:
On Thu, Oct 3, 2013 at 1:13 PM, Djalal Harouni tix...@opendz.org wrote:
On Thu, Oct 03,
On Fri, Oct 4, 2013 at 7:23 PM, Djalal Harouni tix...@opendz.org wrote:
On Fri, Oct 04, 2013 at 04:40:01PM +0100, Andy Lutomirski wrote:
On Fri, Oct 4, 2013 at 9:59 AM, Djalal Harouni tix...@opendz.org wrote:
On Thu, Oct 03, 2013 at 02:09:55PM -0700, Andy Lutomirski wrote:
On Thu, Oct 3,
On Fri, Oct 04, 2013 at 07:34:08PM +0100, Andy Lutomirski wrote:
On Fri, Oct 4, 2013 at 7:23 PM, Djalal Harouni tix...@opendz.org wrote:
On Fri, Oct 04, 2013 at 04:40:01PM +0100, Andy Lutomirski wrote:
On Fri, Oct 4, 2013 at 9:59 AM, Djalal Harouni tix...@opendz.org wrote:
On Thu, Oct 03,
On Fri, Oct 4, 2013 at 12:11 PM, Djalal Harouni tix...@opendz.org wrote:
On Fri, Oct 04, 2013 at 07:34:08PM +0100, Andy Lutomirski wrote:
On Fri, Oct 4, 2013 at 7:23 PM, Djalal Harouni tix...@opendz.org wrote:
On Fri, Oct 04, 2013 at 04:40:01PM +0100, Andy Lutomirski wrote:
On Fri, Oct 4,
On Fri, Oct 04, 2013 at 12:16:26PM -0700, Andy Lutomirski wrote:
On Fri, Oct 4, 2013 at 12:11 PM, Djalal Harouni tix...@opendz.org wrote:
On Fri, Oct 04, 2013 at 07:34:08PM +0100, Andy Lutomirski wrote:
On Fri, Oct 4, 2013 at 7:23 PM, Djalal Harouni tix...@opendz.org wrote:
On Fri, Oct 04,
On Fri, Oct 4, 2013 at 12:27 PM, Djalal Harouni tix...@opendz.org wrote:
On Fri, Oct 04, 2013 at 12:16:26PM -0700, Andy Lutomirski wrote:
On Fri, Oct 4, 2013 at 12:11 PM, Djalal Harouni tix...@opendz.org wrote:
On Fri, Oct 04, 2013 at 07:34:08PM +0100, Andy Lutomirski wrote:
On Fri, Oct 4,
On Fri, Oct 04, 2013 at 12:32:09PM -0700, Andy Lutomirski wrote:
On Fri, Oct 4, 2013 at 12:27 PM, Djalal Harouni tix...@opendz.org wrote:
On Fri, Oct 04, 2013 at 12:16:26PM -0700, Andy Lutomirski wrote:
On Fri, Oct 4, 2013 at 12:11 PM, Djalal Harouni tix...@opendz.org wrote:
On Fri, Oct
On Fri, Oct 4, 2013 at 12:41 PM, Djalal Harouni tix...@opendz.org wrote:
On Fri, Oct 04, 2013 at 12:32:09PM -0700, Andy Lutomirski wrote:
On Fri, Oct 4, 2013 at 12:27 PM, Djalal Harouni tix...@opendz.org wrote:
On Fri, Oct 04, 2013 at 12:16:26PM -0700, Andy Lutomirski wrote:
On Fri, Oct 4,
Andy Lutomirski l...@amacapital.net writes:
On Fri, Oct 4, 2013 at 12:41 PM, Djalal Harouni tix...@opendz.org wrote:
On Fri, Oct 04, 2013 at 12:32:09PM -0700, Andy Lutomirski wrote:
On Fri, Oct 4, 2013 at 12:27 PM, Djalal Harouni tix...@opendz.org wrote:
So sorry Andy, I don't follow what
On Fri, Oct 4, 2013 at 3:55 PM, Eric W. Biederman ebied...@xmission.com wrote:
Andy Lutomirski l...@amacapital.net writes:
On Fri, Oct 4, 2013 at 12:41 PM, Djalal Harouni tix...@opendz.org wrote:
On Fri, Oct 04, 2013 at 12:32:09PM -0700, Andy Lutomirski wrote:
On Fri, Oct 4, 2013 at 12:27 PM,
On Fri, Oct 4, 2013 at 3:59 PM, Andy Lutomirski l...@amacapital.net wrote:
I'd really like a solution where there are no read or write
implementations in the entire kernel that check permissions. Failing
that, just getting it for procfs would be nice. (uid_map, etc will
probably need to be
Andy Lutomirski l...@amacapital.net writes:
On Fri, Oct 4, 2013 at 3:55 PM, Eric W. Biederman ebied...@xmission.com
wrote:
Andy Lutomirski l...@amacapital.net writes:
On Fri, Oct 4, 2013 at 12:41 PM, Djalal Harouni tix...@opendz.org wrote:
On Fri, Oct 04, 2013 at 12:32:09PM -0700, Andy
On Thu, Oct 3, 2013 at 1:13 PM, Djalal Harouni wrote:
> On Thu, Oct 03, 2013 at 12:37:49PM -0700, Andy Lutomirski wrote:
>> On Thu, Oct 3, 2013 at 12:29 PM, Djalal Harouni wrote:
>> > On Thu, Oct 03, 2013 at 04:12:37PM +0100, Andy Lutomirski wrote:
>> >> On Thu, Oct 3, 2013 at 3:36 PM, Djalal
On Thu, Oct 03, 2013 at 12:37:49PM -0700, Andy Lutomirski wrote:
> On Thu, Oct 3, 2013 at 12:29 PM, Djalal Harouni wrote:
> > On Thu, Oct 03, 2013 at 04:12:37PM +0100, Andy Lutomirski wrote:
> >> On Thu, Oct 3, 2013 at 3:36 PM, Djalal Harouni wrote:
> >> > On Wed, Oct 02, 2013 at 05:44:17PM
On Thu, Oct 3, 2013 at 12:29 PM, Djalal Harouni wrote:
> On Thu, Oct 03, 2013 at 04:12:37PM +0100, Andy Lutomirski wrote:
>> On Thu, Oct 3, 2013 at 3:36 PM, Djalal Harouni wrote:
>> > On Wed, Oct 02, 2013 at 05:44:17PM +0100, Andy Lutomirski wrote:
>> >> On Wed, Oct 2, 2013 at 3:55 PM, Djalal
eds to get called. (Think
> about setcap'd programs instead of setuid programs.)
Yes, I already did this, not only setuid, capabilities also are handled
See the whole patch, please!
Yes, and speaking about LSMs I've mentioned in my patches and doc, that
the proposed function proc_allow_access() should be used after
On Thu, Oct 3, 2013 at 3:36 PM, Djalal Harouni wrote:
> On Wed, Oct 02, 2013 at 05:44:17PM +0100, Andy Lutomirski wrote:
>> On Wed, Oct 2, 2013 at 3:55 PM, Djalal Harouni wrote:
>> > On Tue, Oct 01, 2013 at 06:36:34PM -0700, Andy Lutomirski wrote:
>> >> On 10/01/2013 01:26 PM, Djalal Harouni
On Wed, Oct 02, 2013 at 05:44:17PM +0100, Andy Lutomirski wrote:
> On Wed, Oct 2, 2013 at 3:55 PM, Djalal Harouni wrote:
> > On Tue, Oct 01, 2013 at 06:36:34PM -0700, Andy Lutomirski wrote:
> >> On 10/01/2013 01:26 PM, Djalal Harouni wrote:
> >> > Since /proc entries vary at runtime, permission
On Wed, Oct 02, 2013 at 05:44:17PM +0100, Andy Lutomirski wrote:
On Wed, Oct 2, 2013 at 3:55 PM, Djalal Harouni tix...@opendz.org wrote:
On Tue, Oct 01, 2013 at 06:36:34PM -0700, Andy Lutomirski wrote:
On 10/01/2013 01:26 PM, Djalal Harouni wrote:
Since /proc entries vary at runtime,
On Thu, Oct 3, 2013 at 3:36 PM, Djalal Harouni tix...@opendz.org wrote:
On Wed, Oct 02, 2013 at 05:44:17PM +0100, Andy Lutomirski wrote:
On Wed, Oct 2, 2013 at 3:55 PM, Djalal Harouni tix...@opendz.org wrote:
On Tue, Oct 01, 2013 at 06:36:34PM -0700, Andy Lutomirski wrote:
On 10/01/2013
) of cap_ptrace_access_check()
If this previous proc_same_open_cred() returns 0 (cred have changed)
goto (2) [PATCH v2 2/9] procfs: add proc_allow_access() to check if
file's opener may access task
proc_allow_access() returns 1 on success
2) It does the uid/gid checks which is complete
On Thu, Oct 3, 2013 at 12:29 PM, Djalal Harouni tix...@opendz.org wrote:
On Thu, Oct 03, 2013 at 04:12:37PM +0100, Andy Lutomirski wrote:
On Thu, Oct 3, 2013 at 3:36 PM, Djalal Harouni tix...@opendz.org wrote:
On Wed, Oct 02, 2013 at 05:44:17PM +0100, Andy Lutomirski wrote:
On Wed, Oct 2,
On Thu, Oct 03, 2013 at 12:37:49PM -0700, Andy Lutomirski wrote:
On Thu, Oct 3, 2013 at 12:29 PM, Djalal Harouni tix...@opendz.org wrote:
On Thu, Oct 03, 2013 at 04:12:37PM +0100, Andy Lutomirski wrote:
On Thu, Oct 3, 2013 at 3:36 PM, Djalal Harouni tix...@opendz.org wrote:
On Wed, Oct 02,
On Thu, Oct 3, 2013 at 1:13 PM, Djalal Harouni tix...@opendz.org wrote:
On Thu, Oct 03, 2013 at 12:37:49PM -0700, Andy Lutomirski wrote:
On Thu, Oct 3, 2013 at 12:29 PM, Djalal Harouni tix...@opendz.org wrote:
On Thu, Oct 03, 2013 at 04:12:37PM +0100, Andy Lutomirski wrote:
On Thu, Oct 3,
On Wed, Oct 2, 2013 at 3:55 PM, Djalal Harouni wrote:
> On Tue, Oct 01, 2013 at 06:36:34PM -0700, Andy Lutomirski wrote:
>> On 10/01/2013 01:26 PM, Djalal Harouni wrote:
>> > Since /proc entries vary at runtime, permission checks need to happen
>> > during each system call.
>> >
>> > However
On Tue, Oct 01, 2013 at 06:36:34PM -0700, Andy Lutomirski wrote:
> On 10/01/2013 01:26 PM, Djalal Harouni wrote:
> > Since /proc entries vary at runtime, permission checks need to happen
> > during each system call.
> >
> > However even with that /proc file descriptors can be passed to a more
>
On Tue, Oct 01, 2013 at 06:36:34PM -0700, Andy Lutomirski wrote:
On 10/01/2013 01:26 PM, Djalal Harouni wrote:
Since /proc entries vary at runtime, permission checks need to happen
during each system call.
However even with that /proc file descriptors can be passed to a more
On Wed, Oct 2, 2013 at 3:55 PM, Djalal Harouni tix...@opendz.org wrote:
On Tue, Oct 01, 2013 at 06:36:34PM -0700, Andy Lutomirski wrote:
On 10/01/2013 01:26 PM, Djalal Harouni wrote:
Since /proc entries vary at runtime, permission checks need to happen
during each system call.
However
On 10/01/2013 01:26 PM, Djalal Harouni wrote:
> Since /proc entries vary at runtime, permission checks need to happen
> during each system call.
>
> However even with that /proc file descriptors can be passed to a more
> privileged process (e.g. a suid-exec) which will pass the classic
>
Since /proc entries vary at runtime, permission checks need to happen
during each system call.
However even with that /proc file descriptors can be passed to a more
privileged process (e.g. a suid-exec) which will pass the classic
ptrace_may_access() permission check. The open() call will be
On 10/01/2013 01:26 PM, Djalal Harouni wrote:
Since /proc entries vary at runtime, permission checks need to happen
during each system call.
However even with that /proc file descriptors can be passed to a more
privileged process (e.g. a suid-exec) which will pass the classic
62 matches