change coming with maverick's 2.6.34-5 kernels
Matthew Garrett
mjg59 at srcf.ucam.org
Mon May 31 16:17:08 BST 2010
On Sun, May 30, 2010 at 10:03:45PM -0700, Kees Cook wrote:
> a) PTRACE of direct children only (protects credentials-of-the-past)
Is this a realistic solution to the attack? If firefox is running
arbitrary code then firefox is in a position where it can read or inject
arbitrary input events. Wouldn't it make more sense for this to be
something that's handled at a security policy level, i.e. only specific
applications are permitted to ptrace and firefox isn't allowed to
execute those applications?
--
Matthew Garrett | mjg59 at srcf.ucam.org