Re: syscall: sys_promote

2005-08-31 Thread Qi Yong
Alan Cox wrote: On Mon, 2005-08-29 at 11:54 +0800, qiyong wrote: We can ignore it safely. sys_promote is a different approach from selinux. sys_promote is to let sysadmin manually manipulate a running process, You can ignore the patch easily enough. Ignoring the locking doesn't

Re: syscall: sys_promote

2005-08-31 Thread Qi Yong
Ulrich Drepper wrote: On 8/29/05, Alan Cox <[EMAIL PROTECTED]> wrote: Fixing it might be useful in some obscure cases anyway - POSIX threads might benefit from it too, providing the functionality of changing all thread uids at once isn't triggered for sensible threaded app behaviour.

Re: syscall: sys_promote

2005-08-29 Thread Trond Myklebust
On Mon, 29.08.2005 at 13:29 (+0100), Alan Cox wrote: > You can ignore the patch easily enough. Ignoring the locking doesn't > work because functionality like fork process counting, exec, and setuid > all make definite assumptions that are not safe to tamper without unless > you fix the uid

Re: syscall: sys_promote

2005-08-29 Thread Alan Cox
On Mon, 2005-08-29 at 11:54 +0800, qiyong wrote: > We can ignore it safely. sys_promote is a different approach from > selinux. sys_promote is to let sysadmin manually manipulate a running > process, You can ignore the patch easily enough. Ignoring the locking doesn't work because

Re: syscall: sys_promote

2005-08-29 Thread Bernd Petrovitsch
On Mon, 2005-08-29 at 16:16 +0800, Coywolf Qi Hunt wrote: > Bernd Petrovitsch wrote: [...] > >(almost) every tool may become a security problem. > >If you fear a bug in sudo, then write a minimal setuid wrapper for > >yourself which checks for the user it started and exec's a binary (with > >the

Re: syscall: sys_promote

2005-08-29 Thread Coywolf Qi Hunt
Bernd Petrovitsch wrote: On Mon, 2005-08-29 at 11:55 +0800, qiyong wrote: Erik Mouw wrote: On Fri, Aug 26, 2005 at 05:25:37PM +0800, Coywolf Qi Hunt wrote: I just wrote a tool with kernel patch, which is to set the uid's of a running process without FORK. The tool is at

Re: syscall: sys_promote

2005-08-29 Thread Bernd Petrovitsch
On Mon, 2005-08-29 at 11:55 +0800, qiyong wrote: > Erik Mouw wrote: > >On Fri, Aug 26, 2005 at 05:25:37PM +0800, Coywolf Qi Hunt wrote: > >>I just wrote a tool with kernel patch, which is to set the uid's of a > >>running > >>process without FORK. > >> > >>The tool is at

Re: syscall: sys_promote

2005-08-28 Thread qiyong
Erik Mouw wrote: On Fri, Aug 26, 2005 at 05:25:37PM +0800, Coywolf Qi Hunt wrote: I just wrote a tool with kernel patch, which is to set the uid's of a running process without FORK. The tool is at http://users.freeforge.net/~coywolf/pub/promote/ Usage: promote pid [uid] I once needed such a

Re: syscall: sys_promote

2005-08-28 Thread qiyong
Alan Cox wrote: On Fri, 2005-08-26 at 19:02 +0800, Coywolf Qi Hunt wrote: 3) admins can `promote' a suspect process instead of killing it. Is it also generally useful in practice? Thoughts? The locking is wrong. At the moment the entire kernel assumes that a process uid is not

Re: syscall: sys_promote

2005-08-26 Thread Alan Cox
On Fri, 2005-08-26 at 19:02 +0800, Coywolf Qi Hunt wrote: > > 3) admins can `promote' a suspect process instead of killing it. > > > > Is it also generally useful in practice? Thoughts? The locking is wrong. At the moment the entire kernel assumes that a process uid is not changed by anyone

Re: syscall: sys_promote

2005-08-26 Thread Erik Mouw
On Fri, Aug 26, 2005 at 05:25:37PM +0800, Coywolf Qi Hunt wrote: > I just wrote a tool with kernel patch, which is to set the uid's of a running > process without FORK. > > The tool is at http://users.freeforge.net/~coywolf/pub/promote/ > Usage: promote pid [uid] > > I once needed such a tool to work

Re: syscall: sys_promote

2005-08-26 Thread Coywolf Qi Hunt
On Fri, Aug 26, 2005 at 05:25:37PM +0800, Coywolf Qi Hunt wrote: > Hello, > > I just wrote a tool with kernel patch, which is to set the uid's of a running > process without FORK. > > The tool is at http://users.freeforge.net/~coywolf/pub/promote/ > Usage: promote pid [uid] > > I once needed such a

syscall: sys_promote

2005-08-26 Thread Coywolf Qi Hunt
Hello, I just wrote a tool with kernel patch, which is to set the uid's of a running process without FORK. The tool is at http://users.freeforge.net/~coywolf/pub/promote/ Usage: promote pid [uid] I once needed such a tool to work together with my admin in order to tune my web configuration. I think
