Re: [RFC][PATCH] Privilege dropping security module

view
thread

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

From: Rob Meijer

Subject: Re: [RFC][PATCH] Privilege dropping security module

Date: Sunday, September 27, 2009 - 10:38 pm

On Sat, September 26, 2009 23:35, Andy Spencer wrote:
quoted text>> It's amazing who much of this stuff there is to attend to.  If you
>> haven't, run checkpatch.py on your patches. You'll need to pass that
>> eventually.
>
> I've fixed the remaining things that checkpatch.pl suggests as well as a
> few others and will include those checks for future patches.
>
>
>> Hmm. You are working with the Linux DAC mechanism, even if only within
>> a process tree. You're not dropping privilege, you're applying a mask
>> to the file permission bits, currently for file system objects, and
>> with other objects (sysvipc at least) in the future. Hmm. modemask?
>> Something derived from "restricted process tree?"
>
> `Access Control Masking' or `Policy Masking' perhaps?
>

Or  'Permission Attenuation' ?

--
unsubscribe noticeTo unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

[RFC] Privilege dropping security module, Andy Spencer, (Tue Sep 22, 5:56 pm)

Re: [RFC] Privilege dropping security module, Casey Schaufler, (Wed Sep 23, 1:46 pm)

[RFC][PATCH] Privilege dropping security module, Andy Spencer, (Wed Sep 23, 2:31 pm)

Re: [RFC] Privilege dropping security module, Andy Spencer, (Wed Sep 23, 3:31 pm)

Re: [RFC] Privilege dropping security module, Tetsuo Handa, (Wed Sep 23, 4:03 pm)

Re: [RFC][PATCH] Privilege dropping security module, Casey Schaufler, (Thu Sep 24, 9:25 am)

Re: [RFC] Privilege dropping security module, David Wagner, (Thu Sep 24, 9:37 am)

Re: [RFC] Privilege dropping security module, Andy Spencer, (Fri Sep 25, 12:22 am)

Re: [RFC][PATCH] Privilege dropping security module, Andy Spencer, (Fri Sep 25, 3:06 am)

Re: [RFC][PATCH] Privilege dropping security module, Casey Schaufler, (Fri Sep 25, 9:23 am)

Re: [RFC] Privilege dropping security module, David Wagner, (Fri Sep 25, 1:48 pm)

Re: [RFC][PATCH] Privilege dropping security module, David Wagner, (Fri Sep 25, 2:00 pm)

Re: [RFC] Privilege dropping security module, Andy Spencer, (Sat Sep 26, 2:09 pm)

Re: [RFC][PATCH] Privilege dropping security module, Andy Spencer, (Sat Sep 26, 2:35 pm)

Re: [RFC] Privilege dropping security module, David Wagner, (Sat Sep 26, 5:28 pm)

Re: [RFC][PATCH] Privilege dropping security module, Rob Meijer, (Sun Sep 27, 10:38 pm)

[RFC][PATCH] Permission masking security module (was dpriv), Andy Spencer, (Tue Sep 29, 12:10 am)

Re: [RFC][PATCH] Privilege dropping security module, Andy Spencer, (Tue Sep 29, 12:36 am)

Re: [RFC][PATCH] Permission masking security module (was d ..., Greg KH, (Tue Sep 29, 10:44 am)

Re: [RFC][PATCH] Permission masking security module (was d ..., Andy Spencer, (Tue Sep 29, 5:18 pm)

Re: [RFC][PATCH] Permission masking security module (was d ..., Casey Schaufler, (Wed Sep 30, 7:33 pm)

Re: [RFC] Privilege dropping security module, Pavel Machek, (Thu Oct 1, 12:38 am)

Re: [RFC] Privilege dropping security module, Andy Spencer, (Thu Oct 1, 2:15 am)

Re: [RFC] Privilege dropping security module, Pavel Machek, (Thu Oct 1, 3:42 am)

Navigation

Popular discussions


linux-kernel:
Ken Chen	[patch] sched: fix inconsistency when redistribute per-cpu tg->cfs_rq shares.
Ingo Molnar	Re: [PATCH v3] x86: merge the simple bitops and move them to bitops.h
Paul Turner	[tg_shares_up rewrite v4 11/11] sched: update tg->shares after cpu.shares write
Andi Kleen	Re: - romsignature-checksum-cleanup-2.patch removed from -mm tree
Axel Lin	[PATCH] tc6393xb: fix wrong goto labels for error handling
git:
Christian Jaeger	Re: Problem with Git.pm bidi_pipe methods
Linus Torvalds	Re: mingw, windows, crlf/lf, and git
Nicolas Pitre	Re: [PATCH 2/2] Implement a simple delta_base cache
Linus Torvalds	[PATCH 1/7] Make unpack_trees_options bit flags actual bitfields
Jeff King	[PATCH 1/4] t4012: use test_cmp instead of cmp
git-commits-head:
Linux Kernel Mailing List	i2c-i801: Add Intel Cougar Point device IDs
Linux Kernel Mailing List	Staging: batman-adv: splitting /proc vis file into vis_server and vis_data
Linux Kernel Mailing List	drm/i915: Add information on pinning and fencing to the i915 list debug.
Linux Kernel Mailing List	ocfs2: Stop orphan scan as early as possible during umount
Linux Kernel Mailing List	x86, apic: clean up spurious vector sanity check
linux-netdev:
Richard Cochran	Re: [PATCH v3 3/3] ptp: Added a clock that uses the eTSEC found on the MPC85xx.
Gerrit Renker	v2 [PATCH 1/4] dccp: Limit feature negotiation to connection setup phase
Lennert Buytenhek	Re: [PATCH 3/6] [NET] dsa: add support for original DSA tagging format
Inaky Perez-Gonzalez	[PATCH 40/40] wimax/i2400m: add CREDITS and MAINTAINERS entries
Pavel Emelyanov	[PATCH net-2.6.26 2/2][NETNS]: The generic per-net pointers.
freebsd-current:
Boris Samorodov	Re: twa + dump = sbwait
John Baldwin	Re: Possible case of sched_ule never honoring cpu_set affinity?
韓家標 Bill Hacker	Re: ZFS honesty
samira	sata atapi on ich9r
Bjoern A. Zeeb	Re: Can not boot 7.0-BETA3 with IPSEC

Colocation donated by:

Syndicate