Menu
▾
▴
Re: [LTP] [PATCH 0/4]: security: filesystem capabilities (was Re: [PATCH] capabilities: refactor kernel code + bugfix)
|
From: Subrata M. <tos...@gm...> - 2008-06-26 09:11:19
|
Hi Andrew, Do you feel that the corresponding filecaps test in LTP needs to be reviewed against the changes in Kernel filecaps. Do you remember that Sergei wrote this test case and you gave the review comments, after which we included the same inside LTP: http://ltp.cvs.sourceforge.net/ltp/ltp/testcases/kernel/security/filecaps/ Regards-- Subrata On Thu, Jun 26, 2008 at 2:16 PM, Andrew G. Morgan <mo...@ke...> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Andrew, > > Configuring filesystem capabilities is still tagged experimental, and > the effect of the "security fix" part of this change is conditional on > filesystem capabilities being configured. This late in the rc cycle, I'm > not convinced that the risk of this bugfix isn't greater than the benefit. > > If you disagree, there is another "security" problem with filesystem > capabilities and strace, and I've been exploring the fix. This is also > the last fix I think we need before we can remove the experimental > attribute on filesystem capabilities. > > As such, I'll follow this up with four patches. The first two are > bugfixes (affecting kernels configured with filesystem support); the > third is the refactoring; and the fourth removes the experimental tag on > filesystem capability support. > > Cheers > > Andrew > > Andrew Morton wrote: > | On Fri, 20 Jun 2008 08:38:19 -0700 > | "Andrew G. Morgan" <mo...@ke...> wrote: > | > |> From 8a2bffcb5363295ea43ef42c84c121a8e8c7ffa0 Mon Sep 17 00:00:00 2001 > |> From: Andrew G. Morgan <mo...@ke...> > |> Date: Fri, 20 Jun 2008 08:16:06 -0700 > |> Subject: [PATCH] Refactor filesystem capability support in main kernel. > |> > [...] > | This is one helluva large (security!) patch for so late in -rc. > | > | Could we please split out the bugfix for 2.6.26 (is it needed in 2.6.25 > | too?) and hold the refactoring back for 2.6.27? > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.2.6 (GNU/Linux) > > iD8DBQFIY1dr+bHCR3gb8jsRAsUDAJsGSGgj7TVq29CoTIOff3p1xkHYYwCfWFQ9 > Qm4ZQthlkNikLDoMuhalBx4= > =8NT4 > -----END PGP SIGNATURE----- > -- > To unsubscribe from this list: send the line "unsubscribe linux-kernel" in > the body of a message to maj...@vg... > More majordomo info at http://vger.kernel.org/majordomo-info.html > Please read the FAQ at http://www.tux.org/lkml/ > -- Regards & Thanks-- Subrata |