From: daw@cs.berkeley.edu (David Wagner)
To: linux-kernel@vger.kernel.org
Newsgroups: isaac.lists.linux-kernel
Subject: Re: [RFC][PATCH v3] Unprivileged: Disable raising of privileges
Date: Thu, 31 Dec 2009 17:55:27 +0000 (UTC)
Organization: University of California, Berkeley
References: <20091231170641.6dd46c6e@lxorguk.ukuu.org.uk>
Reply-To: daw-news@taverner.cs.berkeley.edu (David Wagner)

Alan Cox wrote:
>Removing specific features from a specific piece of code
>generally isn't a security feature -

You lost me there. The ability of a specific piece of code to
voluntarily relinquish privileges can be a big benefit to security.
It enables privilege-separated software architectures, which are
a powerful way to reduce risk. That's the motivation for the
disablenetwork proposal that has stimulated all this discussion.
I hope this is obvious? Does it need elaboration?