All three are actually very good examples on how your "Security"
modules work around problems instead of fixing thev actual cause.
Instead of adding hacks for tempfile races you rather want to
give each user a private namesapace and it's own /tmp (IMHO
we should also get rid of symlinks entirely, but they're in too wide
use nowdays unfortunately).
And ptrace _really_ _really_ needs to be replaced by a sane debug
interface, like the plan9 procfs-based debugging.
But instead of attaking these causes security folks like wirex just
implement fuzzy busword mechanisms that are selable to managers.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/