Re: [RFC PATCH v2 4/7] csu: Fix standard fds' mode

bug-hurd

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [RFC PATCH v2 4/7] csu: Fix standard fds' mode

From:	Adhemerval Zanella Netto
Subject:	Re: [RFC PATCH v2 4/7] csu: Fix standard fds' mode
Date:	Thu, 20 Apr 2023 12:13:50 -0300
User-agent:	Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:102.0) Gecko/20100101 Thunderbird/102.10.0


On 20/04/23 09:06, Cristian Rodríguez wrote:
> 
> 
> On Thu, Apr 20, 2023 at 7:47 AM Adhemerval Zanella Netto 
> <adhemerval.zanella@linaro.org <mailto:adhemerval.zanella@linaro.org>> wrote:
> 
> 
> 
> 
>     I am not really sure how effective is this hardening, it seems more a
>     development one to enforce that system daemon are spawned correctly.
> 
> 
> Exactly, my understanding is that it is a futile exercise ..if one sufficient 
> privilege at that stage one can do whatever is desired..  why even bother 
> messing with the standard fds..

I don't have a strong opinion, but I tend to agree that this hardening does
not add much specially now that we have a lot of granular ways to limit 
process execution (such as capabilities, seccomp, etc.).

[Prev in Thread]

Current Thread

[Next in Thread]

[RFC PATCH v2 3/7] Use O_CLOEXEC in more places (BZ #15722), (continued)
- [RFC PATCH v2 3/7] Use O_CLOEXEC in more places (BZ #15722), Sergey Bugaev, 2023/04/19
  - Re: [RFC PATCH v2 3/7] Use O_CLOEXEC in more places (BZ #15722), Adhemerval Zanella Netto, 2023/04/21
    - Re: [RFC PATCH v2 3/7] Use O_CLOEXEC in more places (BZ #15722), Samuel Thibault, 2023/04/22
- [RFC PATCH v2 4/7] csu: Fix standard fds' mode, Sergey Bugaev, 2023/04/19
  - Re: [RFC PATCH v2 4/7] csu: Fix standard fds' mode, Cristian Rodríguez, 2023/04/19
    - Re: [RFC PATCH v2 4/7] csu: Fix standard fds' mode, Sergey Bugaev, 2023/04/19
    - Re: [RFC PATCH v2 4/7] csu: Fix standard fds' mode, Adhemerval Zanella Netto, 2023/04/19
    - Re: [RFC PATCH v2 4/7] csu: Fix standard fds' mode, Sergey Bugaev, 2023/04/19
    - Re: [RFC PATCH v2 4/7] csu: Fix standard fds' mode, Adhemerval Zanella Netto, 2023/04/20
    - Re: [RFC PATCH v2 4/7] csu: Fix standard fds' mode, Cristian Rodríguez, 2023/04/20
    - Re: [RFC PATCH v2 4/7] csu: Fix standard fds' mode, Adhemerval Zanella Netto <=
    - Re: [RFC PATCH v2 4/7] csu: Fix standard fds' mode, Paul Eggert, 2023/04/21
- [RFC PATCH v2 5/7] hurd: Make dl-sysdep's open () cope with O_IGNORE_CTTY, Sergey Bugaev, 2023/04/19
  - Re: [RFC PATCH v2 5/7] hurd: Make dl-sysdep's open () cope with O_IGNORE_CTTY, Samuel Thibault, 2023/04/20
- [RFC PATCH v2 7/7] Use O_IGNORE_CTTY where appropriate, Sergey Bugaev, 2023/04/19

Prev by Date: Re: [PATCH 5/5] add setting gs/fsbase
Next by Date: [PATCH 1/2] hurd: Don't migrate reply port into __init1_tcbhead
Previous by thread: Re: [RFC PATCH v2 4/7] csu: Fix standard fds' mode
Next by thread: Re: [RFC PATCH v2 4/7] csu: Fix standard fds' mode
Index(es):
- Date
- Thread