Mailinglist Archive: opensuse-factory (422 mails)
| < Previous | Next > |
Re: [opensuse-factory] Plan for 11.2?
- From: "Rob OpenSuSE" <rob.opensuse.linux@xxxxxxxxxxxxxx>
- Date: Thu, 8 Jan 2009 15:23:30 +0000
- Message-id: <ce9d8ed60901080723s7726e621ua268efd231ebe528@xxxxxxxxxxxxxx>
For 11.2, what about using filesystem capabilities to reduce the
number of suid executables, in order to reduce the criticality of
security flaws?
Ultrich Drepper has blogged a short example that is usable in Fedora
10 - http://udrepper.livejournal.com/20709.html
LWN Subsriber only content until 2009/01/14 - http://lwn.net/Articles/313838/
More discussion and info on this, if you can read it.
The kernel now uses the filesystem capabilities, and at least the
default & commonest filesystems support extended attributes (xattr's).
--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-factory+help@xxxxxxxxxxxx
number of suid executables, in order to reduce the criticality of
security flaws?
Ultrich Drepper has blogged a short example that is usable in Fedora
10 - http://udrepper.livejournal.com/20709.html
LWN Subsriber only content until 2009/01/14 - http://lwn.net/Articles/313838/
More discussion and info on this, if you can read it.
The kernel now uses the filesystem capabilities, and at least the
default & commonest filesystems support extended attributes (xattr's).
--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-factory+help@xxxxxxxxxxxx
| < Previous | Next > |