Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 10 Aug 2011 14:02:27 +0400
From: Vasiliy Kulikov <segoon@...nwall.com>
To: kernel-hardening@...ts.openwall.com
Subject: Re: procfs {tid,tgid,attr}_allowed mount options

Solar,

On Thu, Aug 04, 2011 at 15:23 +0400, Vasiliy Kulikov wrote:
> New version.  Cleanups/fixes here and there.

One question: do we really need gid= option?  The only user I know is
identd, but does anybody use it nowadays?

With gid= I see 2 drawbacks:

1) Code becomes worse because of additional permission checks.

2) From the upstream's point of view it is very limited and unextendable
feature.


So, I'd go further without gid=, at least for the beginning.

Thanks,

-- 
Vasiliy Kulikov
http://www.openwall.com - bringing security into open computing environments

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.