[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH 2/4] Allow the process owner to perform all privileged operat
From: |
Sergey Bugaev |
Subject: |
Re: [PATCH 2/4] Allow the process owner to perform all privileged operations |
Date: |
Mon, 26 Jun 2023 11:42:54 +0300 |
On Mon, Jun 26, 2023 at 2:11 AM Sergey Bugaev <bugaevc@gmail.com> wrote:
> The user already has full access to our task, and the same kind of
> access to the file system image (if any) as our task does, we're not
> buying any additional security by disallowing them access.
This is not necessarily true considering multi-UID. We'd need to check
that the user has *all* of the UIDs that our task has.
This is why you don't commit at 2 AM :D
Sergey