On Tue, May 4, 2021 at 1:21 PM Arusekk <arek_koz@xxxxx> wrote:
>
> Keeping it the way it is for the sake of security of userspace applications
> looks more like security through obscurity to me.
No, it's simply "no valid use" and "why expose interfaces that don't
need to be exposed".
splice() _has_ been a security issue before. It's why I want to limit
it now. I want to enable it only for cases that seem to be worth
enabling for.
Have we fixed all the splice security issues? I certainly hope so. Are
you correct in stating that there are probably other places that might
be more interesting to attackers? Sure. But none of that changes the
basic issue: why expose this?
Linus
