Re: [linux-audio-dev] Linux Security Module for realtime audio

New Message	Reply	About this list	Date view	Thread view	Subject view	Author view	Other groups

Subject: Re: [linux-audio-dev] Linux Security Module for realtime audio
From: torbenh_AT_gmx.de
Date: Mon Dec 08 2003 - 10:06:27 EET

Next message: Uwe Koloska: "[linux-audio-dev] deconvolver for IR creation anyone?"
Previous message: Joern Nettingsmeier: "Re: [linux-audio-dev] New Linux Audio Column in Linux Journal"
Next in thread: Jack O'Quin: "Re: [linux-audio-dev] Linux Security Module for realtime audio"
Maybe reply: torbenh_AT_gmx.de: "Re: [linux-audio-dev] Linux Security Module for realtime audio"

On Sat, Dec 06, 2003 at 06:35:45PM -0600, Jack O'Quin wrote:
>
> I've been experimenting with Torben's LSM for the 2.6 kernel, and the
> realtime group permissions mechanism we discussed.
>
> Naturally, there are some problems. The worst is that GTK-2 will not
> tolerate the use of setgid...

uhh... i only tested with muse. now this is really bad.

hmm... perhaps we trick the binary by setting the gid back
to the e_gid after enabling capabilities :)

it works... add this to my version:

               if( (rtgid != 0) && (bprm->e_gid == rtgid) ) {
+
+ bprm->e_gid = current->gid;
+
                    bprm->cap_effective = CAP_TO_MASK(CAP_IPC_LOCK) | CAP_TO_MASK(CAP_SYS_NICE) | CAP_TO_MASK(CAP_SYS_RESOURCE);
                    bprm->cap_permitted = CAP_TO_MASK(CAP_IPC_LOCK) | CAP_TO_MASK(CAP_SYS_NICE) | CAP_TO_MASK(CAP_SYS_RESOURCE);
                }

i am not sure what you did to the jack cvs.
i hope you dont check for the realtime group as it wont work anymore :)
caps are enabled silently :)

but i guess you try to get them and revert to the old mechanisms if it fails.

> So, I modified Torben's LSM to check supplementary groups, and this
> seems to work fine. From a system admin perspective it's pretty good.
> I'm a member of group `audio', which was accomplished by adding my
> user ID (joq) to the appropriate entry in /etc/group...
>
> [...]

well this is an alternative but i would be happier to explicitely give
away the DOS privilege to programs. rather than enabling it for my
account.

> For reasons I cannot explain, this works without requiring the
> CAP_SYS_RESOURCE capability, a welcome but unexpected bonus.

very nice indeed. i really wasnt very happy with RESOURCE

> I would appreciate comments, feedback, and bug reports. If you want
> to try it, don't forget that it has received minimal testing. Neither
> I nor anyone else can promise that it will not adversely affect your
> system security or stability. Caveat emptor!

yep...

-- 
torben Hohn
http://galan.sourceforge.net -- The graphical Audio language

Next message: Uwe Koloska: "[linux-audio-dev] deconvolver for IR creation anyone?"
Previous message: Joern Nettingsmeier: "Re: [linux-audio-dev] New Linux Audio Column in Linux Journal"
Next in thread: Jack O'Quin: "Re: [linux-audio-dev] Linux Security Module for realtime audio"
Maybe reply: torbenh_AT_gmx.de: "Re: [linux-audio-dev] Linux Security Module for realtime audio"

New Message	Reply	About this list	Date view	Thread view	Subject view	Author view	Other groups

This archive was generated by hypermail 2b28 : Mon Dec 08 2003 - 10:22:32 EET