Date: Wed, 21 Jan 2015 13:54:29 +0300
From: Solar Designer <solar@...nwall.com>
To: Ben Hutchings <ben@...adent.org.uk>
Cc: oss-security@...ts.openwall.com
Subject: Re: [RFC PATCH RESEND] vfs: Move security_inode_killpriv() after permission checks

Ben, all -

On Sat, Jan 17, 2015 at 11:26:46PM +0000, Ben Hutchings wrote:
> chown() and write() should clear all privilege attributes on
> a file - setuid, setgid, setcap and any other extended
> privilege attributes.
>
> However, any attributes beyond setuid and setgid are managed by the
> LSM and not directly by the filesystem, so they cannot be set along
> with the other attributes.
[...]

First of all, thank you for your work on the Linux kernel!

Going forward, I think it may be better to CC this sort of message to the
kernel-hardening list (like it's been done on some occasions before, see
below) rather than to oss-security - and only post summary messages to
oss-security, separately (not CC'ed to anywhere else). And yes, I'd like
to see those summaries and occasional status updates in here (if a
relevant issue is being discussed on LKML and/or kernel-hardening) - just
not entire LKML threads in full detail (which often include comments on
coding style, multiple patch revisions, etc.)

http://www.openwall.com/lists/kernel-hardening/

oss-security isn't focused on Linux (let alone the kernel) to an extent
where having lengthy/multiple LKML threads CC'ed in here would be
appropriate, and it's too tough a job for list moderators to choose to
let only some of the messages in a thread like this through to the list
(besides, if a message in a thread is rejected, this annoys/discourages
the sender, and it breaks threading in some archives/MUAs). The three
messages in this thread so far are luckily OK for oss-security as well,
but I am concerned about the general practice and where it would lead us.

I suggest that we do let further messages in this thread to oss-security
(unless there are too many or they wander too far), but for further
occasions please consider the kernel-hardening list (with only summaries
and infrequent status updates to be sent to oss-security).

Thanks again,

Alexander