On Fri 2014-12-05 13:22:50, One Thousand Gnomes wrote:
>
> > 2.a. If task A has sufficient capabilities to send signals to task B, then
> > task A is already in position to do anything it wants with task B, including
> > killing it outright.
>
> Not entirely true.
>
> - We have security models like SELinux
> - We have namespaces and being able to send an fd between namespaces is
>   not quite as flexible as you would make it
>
> I suspect therefore it needs security hooks but otherwise looks more sane
> than the current AF_UNIX approach.

The right test for "can do anything" is "can_ptrace()"...

Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html