Date: Mon, 27 Nov 2017 10:44:21 -0800 From: Linus Torvalds <torvalds@...ux-foundation.org> To: Djalal Harouni <tixxdz@...il.com> Cc: Kees Cook <keescook@...omium.org>, Andy Lutomirski <luto@...nel.org>, Andrew Morton <akpm@...ux-foundation.org>, "Luis R. Rodriguez" <mcgrof@...nel.org>, James Morris <james.l.morris@...cle.com>, Ben Hutchings <ben.hutchings@...ethink.co.uk>, Solar Designer <solar@...nwall.com>, Serge Hallyn <serge@...lyn.com>, Jessica Yu <jeyu@...nel.org>, Rusty Russell <rusty@...tcorp.com.au>, Linux Kernel Mailing List <linux-kernel@...r.kernel.org>, LSM List <linux-security-module@...r.kernel.org>, "kernel-hardening@...ts.openwall.com" <kernel-hardening@...ts.openwall.com>, Jonathan Corbet <corbet@....net>, Ingo Molnar <mingo@...nel.org>, "David S. Miller" <davem@...emloft.net>, Network Development <netdev@...r.kernel.org>, Peter Zijlstra <peterz@...radead.org> Subject: Re: [PATCH v5 next 5/5] net: modules: use request_module_cap() to load 'netdev-%s' modules On Mon, Nov 27, 2017 at 9:18 AM, Djalal Harouni <tixxdz@...il.com> wrote: > This uses the new request_module_cap() facility to directly propagate > CAP_NET_ADMIN capability and the 'netdev' module prefix to the > capability subsystem as it was suggested. This is the kind of complexity that I wonder if it's worth it at all. Nobody sane actually uses those stupid capability bits. Have you ever actually seen it used in real life? They were a mistake, and we should never have done them - another case of security people who think that complexity == security, when in reality nobody actually wants the complexity or is willing to set it up and manage it. Linus
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.