[prev in list] [next in list] [prev in thread] [next in thread]
List: linux-kernel
Subject: Re: [PATCH v2] kernel: Conditionally support non-root users, groups and capabilities
From: Richard Weinberger <richard () nod ! at>
Date: 2015-01-31 23:33:23
Message-ID: 54CD6643.2060504 () nod ! at
[Download RAW message or body]
Am 01.02.2015 um 00:30 schrieb Paul E. McKenney:
> On Fri, Jan 30, 2015 at 10:56:14PM +0100, Richard Weinberger wrote:
>> On Fri, Jan 30, 2015 at 10:40 PM, Josh Triplett <josh@joshtriplett.org> wrote:
>>> *Today*, Linux is a challenging choice for a tiny embedded system.
>>> We're trying to fix that.
>>
>> Can you please more specific about the embedded systems exactly you're
>> talking about?
>>
>> I find this patch rather controversial as it removes a lot of security.
>> Embedded systems *are* a target for all kind of attacks.
>> Misguided embedded engineers will abuse this feature and produce even more
>> weak targets.
>
> Without this patch, those same engineers would simply run everything as
> root. "Make a foolproof system, and they will invent a better fool". ;-)
Luckily many services will run as non-root by default and some even refuse to
run as root. :-)
Thanks,
//richard
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic