On Mon, Jul 31, 2017 at 3:43 PM, Kees Cook wrote:
> On Wed, Jul 19, 2017 at 9:53 PM, Andy Lutomirski wrote:
>> On Tue, Jul 18, 2017 at 6:10 PM, Andy Lutomirski wrote:
>>> On Tue, Jul 18, 2017 at 3:25 PM, Kees Cook wrote:
The commoncap implementation of the bprm_secureexec hook is the only
On Wed, Jul 19, 2017 at 9:53 PM, Andy Lutomirski wrote:
> On Tue, Jul 18, 2017 at 6:10 PM, Andy Lutomirski wrote:
>> On Tue, Jul 18, 2017 at 3:25 PM, Kees Cook wrote:
>>> The commoncap implementation of the bprm_secureexec hook is the only LSM
>>> that depends on the final call to its bprm_set_c
On Tue, Jul 18, 2017 at 6:10 PM, Andy Lutomirski wrote:
> On Tue, Jul 18, 2017 at 3:25 PM, Kees Cook wrote:
>> The commoncap implementation of the bprm_secureexec hook is the only LSM
>> that depends on the final call to its bprm_set_creds hook (since it may
>> be called for multiple files, it ig
On Tue, 18 Jul 2017, Kees Cook wrote:
> The commoncap implementation of the bprm_secureexec hook is the only LSM
> that depends on the final call to its bprm_set_creds hook (since it may
> be called for multiple files, it ignores bprm->called_set_creds). As a
> result, it cannot safely _clear_ bpr
On Tue, Jul 18, 2017 at 6:10 PM, Andy Lutomirski wrote:
> On Tue, Jul 18, 2017 at 3:25 PM, Kees Cook wrote:
>> The commoncap implementation of the bprm_secureexec hook is the only LSM
>> that depends on the final call to its bprm_set_creds hook (since it may
>> be called for multiple files, it ig
On Tue, Jul 18, 2017 at 3:25 PM, Kees Cook wrote:
> The commoncap implementation of the bprm_secureexec hook is the only LSM
> that depends on the final call to its bprm_set_creds hook (since it may
> be called for multiple files, it ignores bprm->called_set_creds). As a
> result, it cannot safely
The commoncap implementation of the bprm_secureexec hook is the only LSM
that depends on the final call to its bprm_set_creds hook (since it may
be called for multiple files, it ignores bprm->called_set_creds). As a
result, it cannot safely _clear_ bprm->secureexec since other LSMs may
have set it.
7 matches
Mail list logo