Subject: [linux-audio-dev] LSM: Linux 2.6 Kernel Capability LSM Module Local Privilege Elevation
From: Frank Barknecht (fbar_AT_footils.org)
Date: Mon Dec 27 2004 - 15:41:50 EET
Hi,
careful with the linux security module: As reported on Bugtraq,
there's a vulnerability when loading LSM as a module instead of
compiling it into the kernel:
"When POSIX Capability LSM module isn't compiled into kernel, after
inserting Capability module into kernel, all existed normal users
processes will have total Capability privileges of superuser (root)."
Read on here:
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2004-12/0390.html
Ciao
-- Frank Barknecht _ ______footils.org__
This archive was generated by hypermail 2b28 : Mon Dec 27 2004 - 15:53:27 EET