[linux-audio-dev] LSM: Linux 2.6 Kernel Capability LSM Module Local Privilege Elevation

New Message	Reply	About this list	Date view	Thread view	Subject view	Author view	Other groups

Subject: [linux-audio-dev] LSM: Linux 2.6 Kernel Capability LSM Module Local Privilege Elevation
From: Frank Barknecht (fbar_AT_footils.org)
Date: Mon Dec 27 2004 - 15:41:50 EET

Next message: Dave Phillips: "[linux-audio-dev] Steinberg sold to Yamaha"
Previous message: Ian Howard: "[linux-audio-dev] Linux friendly, portable digital recording devices?"
Next in thread: Lee Revell: "Re: [linux-audio-dev] LSM: Linux 2.6 Kernel Capability LSM Module Local Privilege Elevation"

Hi,

careful with the linux security module: As reported on Bugtraq,
there's a vulnerability when loading LSM as a module instead of
compiling it into the kernel:

"When POSIX Capability LSM module isn't compiled into kernel, after
inserting Capability module into kernel, all existed normal users
processes will have total Capability privileges of superuser (root)."

Read on here:
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2004-12/0390.html

Ciao

-- 
 Frank Barknecht                               _ ______footils.org__

Next message: Dave Phillips: "[linux-audio-dev] Steinberg sold to Yamaha"
Previous message: Ian Howard: "[linux-audio-dev] Linux friendly, portable digital recording devices?"
Next in thread: Lee Revell: "Re: [linux-audio-dev] LSM: Linux 2.6 Kernel Capability LSM Module Local Privilege Elevation"

New Message	Reply	About this list	Date view	Thread view	Subject view	Author view	Other groups

This archive was generated by hypermail 2b28 : Mon Dec 27 2004 - 15:53:27 EET