[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [RFC PATCH v2 4/7] csu: Fix standard fds' mode
From: |
Adhemerval Zanella Netto |
Subject: |
Re: [RFC PATCH v2 4/7] csu: Fix standard fds' mode |
Date: |
Thu, 20 Apr 2023 12:13:50 -0300 |
User-agent: |
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:102.0) Gecko/20100101 Thunderbird/102.10.0 |
On 20/04/23 09:06, Cristian Rodríguez wrote:
>
>
> On Thu, Apr 20, 2023 at 7:47 AM Adhemerval Zanella Netto
> <adhemerval.zanella@linaro.org <mailto:adhemerval.zanella@linaro.org>> wrote:
>
>
>
>
> I am not really sure how effective is this hardening, it seems more a
> development one to enforce that system daemon are spawned correctly.
>
>
> Exactly, my understanding is that it is a futile exercise ..if one sufficient
> privilege at that stage one can do whatever is desired.. why even bother
> messing with the standard fds..
I don't have a strong opinion, but I tend to agree that this hardening does
not add much specially now that we have a lot of granular ways to limit
process execution (such as capabilities, seccomp, etc.).
- [RFC PATCH v2 3/7] Use O_CLOEXEC in more places (BZ #15722), (continued)
- [RFC PATCH v2 3/7] Use O_CLOEXEC in more places (BZ #15722), Sergey Bugaev, 2023/04/19
- [RFC PATCH v2 4/7] csu: Fix standard fds' mode, Sergey Bugaev, 2023/04/19
- Re: [RFC PATCH v2 4/7] csu: Fix standard fds' mode, Cristian Rodríguez, 2023/04/19
- Re: [RFC PATCH v2 4/7] csu: Fix standard fds' mode, Sergey Bugaev, 2023/04/19
- Re: [RFC PATCH v2 4/7] csu: Fix standard fds' mode, Adhemerval Zanella Netto, 2023/04/19
- Re: [RFC PATCH v2 4/7] csu: Fix standard fds' mode, Sergey Bugaev, 2023/04/19
- Re: [RFC PATCH v2 4/7] csu: Fix standard fds' mode, Adhemerval Zanella Netto, 2023/04/20
- Re: [RFC PATCH v2 4/7] csu: Fix standard fds' mode, Cristian Rodríguez, 2023/04/20
- Re: [RFC PATCH v2 4/7] csu: Fix standard fds' mode,
Adhemerval Zanella Netto <=
- Re: [RFC PATCH v2 4/7] csu: Fix standard fds' mode, Paul Eggert, 2023/04/21
[RFC PATCH v2 5/7] hurd: Make dl-sysdep's open () cope with O_IGNORE_CTTY, Sergey Bugaev, 2023/04/19
[RFC PATCH v2 7/7] Use O_IGNORE_CTTY where appropriate, Sergey Bugaev, 2023/04/19