Re: [linux-audio-dev] LSM: Linux 2.6 Kernel Capability LSM Module Local Privilege Elevation

New Message Reply About this list Date view Thread view Subject view Author view Other groups

Subject: Re: [linux-audio-dev] LSM: Linux 2.6 Kernel Capability LSM Module Local Privilege Elevation
From: Fernando Lopez-Lezcano (nando_AT_ccrma.stanford.edu)
Date: Wed Dec 29 2004 - 07:51:25 EET


On Tue, 2004-12-28 at 13:35, Lee Revell wrote:
> On Tue, 2004-12-28 at 13:17 -0800, Fernando Lopez-Lezcano wrote:
> > On Tue, 2004-12-28 at 12:28, Lee Revell wrote:
> > > On Mon, 2004-12-27 at 14:41 +0100, Frank Barknecht wrote:
> > > > Read on here:
> > > > http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2004-12/0390.html
> > >
> > > Wow, this is a HORRIBLE bug.
> >
> > Indeed. I tried it and it works. Someone should have been pointing a
> > camera at me to capture the "moment" :-) Spent the better part of
> > yesterday building new Planet CCRMA kernels without this "feature".
>
> Yes, fortunately realtime-lsm does not depend on the capability module.
> Still, I would expect that many audio users load it out of confusion.

At least in FC3 the capability module is not a module, it is built into
the kernel. Thus the problem, the realtime lsm does not work (tried it)
if capability is built into the kernel, apparently the two modules can't
be stacked, it is one or the other. So, any low latency kernel that
wants to use realtime lsm is, I think, going to be affected.

-- Fernando


New Message Reply About this list Date view Thread view Subject view Author view Other groups

This archive was generated by hypermail 2b28 : Wed Dec 29 2004 - 08:00:36 EET