Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 19 May 2017 09:33:44 -0500
From: "Serge E. Hallyn" <>
To: Peter Dolding <>
Cc: Kees Cook <>, Daniel Micay <>,
	Alan Cox <>, Matt Brown <>,
	"Serge E. Hallyn" <>,
	Greg KH <>, Jiri Slaby <>,
	Andrew Morton <>,
	Jann Horn <>, James Morris <>,
	"" <>,
	linux-security-module <>,
	linux-kernel <>
Subject: Re: Re: [PATCH v6 0/2] security: tty: make
 TIOCSTI ioctl require CAP_SYS_ADMIN

On Fri, May 19, 2017 at 12:48:17PM +1000, Peter Dolding wrote:
> Using cap_sys_admin as fix is like removing car windsheld because
> vision is being blocked by a rock hitting it.

Nonsense.  If the application has cap_sys_admin then it is less contained and
more trusted anyway.  If I went to the trouble to run an application in a
private user namespace (where it can have cap_sys_admin, but not targeted
at my tty) then it should be more contained.  That's the point of targeted

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.