Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932475AbbGJQ0p (ORCPT ); Fri, 10 Jul 2015 12:26:45 -0400 Received: from mail-lb0-f171.google.com ([209.85.217.171]:35389 "EHLO mail-lb0-f171.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932285AbbGJQ0f (ORCPT ); Fri, 10 Jul 2015 12:26:35 -0400 MIME-Version: 1.0 In-Reply-To: <559FEBF2.1040908@schaufler-ca.com> References: <559EBCC0.7040604@tycho.nsa.gov> <559FC7DD.8060507@tycho.nsa.gov> <559FEBF2.1040908@schaufler-ca.com> Date: Fri, 10 Jul 2015 18:26:33 +0200 Message-ID: Subject: Re: kdbus: credential faking From: David Herrmann To: Casey Schaufler Cc: Stephen Smalley , Greg KH , Daniel Mack , Djalal Harouni , lkml , LSM , Paul Osmialowski , Paul Moore Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 772 Lines: 20 Hi On Fri, Jul 10, 2015 at 5:59 PM, Casey Schaufler wrote: [...] > There are so many ways uids are being (miss/ab)used > on Linux systems these days that the idea of trusting a bus just > because its non-root uid is listed in a table somewhere (or worse, > coded in an API) is asking for exploits. Please elaborate on these possible exploits. I'd also like to hear, whether the same applies to the already used '/run/user//bus', which follows nearly the same model. Thanks David -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/