Re: [PATCH] file capabilities: allow sigcont within session (v2)

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

To: Serge E. Hallyn <serue@...>

Cc: Stephen Smalley <sds@...>, lkml <linux-kernel@...>, <linux-security-module@...>, Andrew Morton <akpm@...>, Chris Wright <chrisw@...>, Theodore Ts'o <tytso@...>, Rafael J. Wysocki <rjw@...>, Natalie Protasevich <protasnb@...>

Subject: Re: [PATCH] file capabilities: allow sigcont within session (v2)

Date: Saturday, November 3, 2007 - 5:31 pm

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Serge E. Hallyn wrote:
quoted text> Quoting Stephen Smalley (sds@epoch.ncsc.mil):
>> On Wed, 2007-10-31 at 18:49 -0500, Serge E. Hallyn wrote:
[..]
quoted text>>> Also don't do file-capabilities signaling checks when uids for
>>> the processes don't match, since the standard check_kill_permission
>>> will have done those checks.
>> Description doesn't match the code.
> 
> Egads.  I knew I should've just kept that part out of it for the first
> patch...
> 
> New patch on top of previous one is appended.

Dang! I stared at the code a long time to see what you were doing...

And concluded that you had coded what you intended; allow processes that
share UIDs to kill one another - independent of capabilities. The fact
that this is the reverse of the words you used to introduce your patch,
I didn't notice.

I totally missed the fact that this was (unwanted) new functionality!!
Mea culpa for the bad review.

I certainly Sign off the revised patch.

Cheers

Andrew
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHLOicmwytjiwfWMwRAq5HAJ49eajMT4myf1oKfrab2oCw/o9HnwCgkYt2
RyIsmHVWmClsrxCz5s1HRJY=
=hGLO
-----END PGP SIGNATURE-----
-
unsubscribe noticeTo unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

[PATCH] file capabilities: allow sigcont within session (v2), Serge E. Hallyn, (Wed Oct 31, 7:49 pm)

Re: [PATCH] file capabilities: allow sigcont within session ..., Stephen Smalley, (Thu Nov 1, 8:07 am)

Re: [PATCH] file capabilities: allow sigcont within session ..., Serge E. Hallyn, (Thu Nov 1, 9:47 am)

Re: [PATCH] file capabilities: allow sigcont within session ..., Andrew Morgan, (Sat Nov 3, 5:31 pm)

Re: [PATCH] file capabilities: allow sigcont within session ..., Theodore Tso, (Thu Nov 1, 9:54 pm)

Re: [PATCH] file capabilities: allow sigcont within session ..., Theodore Tso, (Thu Nov 1, 4:12 pm)

Re: [PATCH] file capabilities: allow sigcont within session ..., Andrew Morgan, (Thu Nov 1, 12:47 am)

Re: [PATCH] file capabilities: allow sigcont within session ..., Andrew Morgan, (Wed Oct 31, 9:27 pm)


linux-kernel:

Greg Kroah-Hartman	[PATCH 004/196] Chinese: add translation of SubmittingPatches
David Newall	Re: Slow DOWN, please!!!
Andrew Morton	Re: Linux 2.6.21-rc4
git:

linux-netdev:
David Miller	[GIT]: Networking
Gerrit Renker	[PATCH 27/37] dccp: Integration of dynamic feature activation - part 2 (server side)
Jarek Poplawski	Re: [PATCH] pkt_sched: Destroy gen estimators under rtnl_lock().
Dale Farnsworth	Re: [PATCH 01/39] mv643xx_eth: reverse topological sort of functions
openbsd-misc:

Re: [PATCH] file capabilities: allow sigcont within session (v2)

Online users