On Thu, Jan 12, 2012 at 11:11 AM, Alan Cox <alan@xxxxxxxxxxxxxxxxxxx> wrote:
>> more about). Since setuid is privilege escalation, then perhaps it
>> makes sense to allow it as an escape hatch.
>>
>> Would it be sane to just disallow setuid exec exclusively?
>
> I think that is a policy question. I can imagine cases where either
> behaviour is the "right" one so it may need to be a parameter?

Makes sense. I'll make it flaggable (ignoring the parallel
conversation about having a thread-wide suidable bit).

thanks!