Problems with firmware loader and selinux
Dmitry Torokhov
dmitry.torokhov at gmail.com
Fri Apr 1 14:34:09 UTC 2005
On Apr 1, 2005 9:14 AM, Stephen Smalley <sds at tycho.nsa.gov> wrote:
> On Fri, 2005-04-01 at 09:11 -0500, Dmitry Torokhov wrote:
> > So the question is - should there be a way for the kernel to temporarily
> > switch context to "kernel" before executing some operations? I could
> > hack firmware loader to always start a new thread, but I wonder if we
> > have more places that need to temporarily override caller's context and
> > therefore a more general solution is needed.
>
...
>
> Whether or not an interface as you describe is needed is unclear; there
> is no usage case at present,
I am confused, I thought I described a scenario why it might be
needed. I probably just misunderstand what you mean by "usage case".
> and temporary changes in credentials are
> often a source of security flaws.
Yes, I understand that. I guess adjusting firmware loader to do the
job from a separate thread is the easiest way for now...
--
Dmitry