
Re: [PATCH] SELinux: apply a different permission to ptrace a child vs non-child

On Mon, Apr 09, 2012 at 01:13:06PM -0400, Eric Paris wrote:
> On Mon, 2012-04-09 at 12:40 -0400, Josh Boyer wrote:
> > On Mon, Apr 09, 2012 at 09:59:18AM -0400, Eric Paris wrote:
> > > Some applications, like gdb, are able to ptrace both children or other
> > > completely unrelated tasks.  We would like to be able to discern these two
> > > things and to be able to allow gdb to ptrace its children, but not to be
> > > able to ptrace unrelated tasks for security reasons.
> > > 
> > > Upstream is a bit wary of this patch as it may be incomplete.  They are
> > > not fundamentally opposed to the patch, I was just asked to see if I could
> > > flush out any needed refinement in Fedora where we already had the
> > > problem.  We may find that we need to emulate the YAMA non-child
> > 
> > I'd be comfortable doing that kind of flushing out in rawhide, but
> > I'm kinda hesitant for doing it in F17.  Which leads to...

I will add it to the next rawhide builds and see how it shakes out.
