To: bulb@ucw.cz
CC: hbryan@us.ibm.com, ericvh@gmail.com, hch@infradead.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, smfrench@austin.rr.com
In-reply-to: <20050513071924.GA9667@vagabond> (message from Jan Hudec on Fri, 13 May 2005 09:19:24 +0200)
Subject: Re: [RCF] [PATCH] unprivileged mount/umount
References: <20050513071924.GA9667@vagabond>
From: Miklos Szeredi
Date: Fri, 13 May 2005 10:33:34 +0200

> > You could argue about the usefulness of ptrace. The point is, that
> > suid/sgid programs _can_ be discerned, and ptrace _needs_ to discern
> > them.
>
> I actually neither needs to, nor does. For ptrace the definition is:
> If the tracee has different privileges than the tracer, then it
> can't be traced.

Right. I was talking about suid/sgid because with private namespaces
(unless there's a way to enter them externally) only suid/sgid
programs will have different privileges.

> For this definition, the check is not a hack. It's the only way to go.
>
> Now this definition is really what is needed for the filesystem case
> too, so I think it's not a hack either.

Fully agreed.

Miklos