[prev in list] [next in list] [prev in thread] [next in thread] 

List:       linux-kernel
Subject:    Re: [PATCH v2] kernel: Conditionally support non-root users, groups and capabilities
From:       Richard Weinberger <richard () nod ! at>
Date:       2015-01-31 23:33:23
Message-ID: 54CD6643.2060504 () nod ! at
[Download RAW message or body]

Am 01.02.2015 um 00:30 schrieb Paul E. McKenney:
> On Fri, Jan 30, 2015 at 10:56:14PM +0100, Richard Weinberger wrote:
>> On Fri, Jan 30, 2015 at 10:40 PM, Josh Triplett <josh@joshtriplett.org> wrote:
>>> *Today*, Linux is a challenging choice for a tiny embedded system.
>>> We're trying to fix that.
>>
>> Can you please more specific about the embedded systems exactly you're
>> talking about?
>>
>> I find this patch rather controversial as it removes a lot of security.
>> Embedded systems *are* a target for all kind of attacks.
>> Misguided embedded engineers will abuse this feature and produce even more
>> weak targets.
> 
> Without this patch, those same engineers would simply run everything as
> root.  "Make a foolproof system, and they will invent a better fool".  ;-)

Luckily many services will run as non-root by default and some even refuse to
run as root. :-)

Thanks,
//richard
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/
[prev in list] [next in list] [prev in thread] [next in thread]