[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [RFC PATCH v2 4/7] csu: Fix standard fds' mode

From: Adhemerval Zanella Netto
Subject: Re: [RFC PATCH v2 4/7] csu: Fix standard fds' mode
Date: Thu, 20 Apr 2023 12:13:50 -0300
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:102.0) Gecko/20100101 Thunderbird/102.10.0

On 20/04/23 09:06, Cristian Rodríguez wrote:
> On Thu, Apr 20, 2023 at 7:47 AM Adhemerval Zanella Netto 
> <adhemerval.zanella@linaro.org <mailto:adhemerval.zanella@linaro.org>> wrote:
>     I am not really sure how effective is this hardening, it seems more a
>     development one to enforce that system daemon are spawned correctly.
> Exactly, my understanding is that it is a futile exercise ..if one sufficient 
> privilege at that stage one can do whatever is desired..  why even bother 
> messing with the standard fds..

I don't have a strong opinion, but I tend to agree that this hardening does
not add much specially now that we have a lot of granular ways to limit 
process execution (such as capabilities, seccomp, etc.).

reply via email to

[Prev in Thread] Current Thread [Next in Thread]