Re: [linux-audio-dev] LSM: Linux 2.6 Kernel Capability LSM Module Local Privilege Elevation

Subject: Re: [linux-audio-dev] LSM: Linux 2.6 Kernel Capability LSM Module Local Privilege Elevation
From: Lee Revell (rlrevell_AT_joe-job.com)
Date: Wed Dec 29 2004 - 08:15:22 EET


On Tue, 2004-12-28 at 21:51 -0800, Fernando Lopez-Lezcano wrote:
> On Tue, 2004-12-28 at 13:35, Lee Revell wrote:
> > On Tue, 2004-12-28 at 13:17 -0800, Fernando Lopez-Lezcano wrote:
> > > On Tue, 2004-12-28 at 12:28, Lee Revell wrote:
> > > > On Mon, 2004-12-27 at 14:41 +0100, Frank Barknecht wrote:
> > > > > Read on here:
> > > > > http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2004-12/0390.html
> > > >
> > > > Wow, this is a HORRIBLE bug.
> > >
> > > Indeed. I tried it and it works. Someone should have been pointing a
> > > camera at me to capture the "moment" :-) Spent the better part of
> > > yesterday building new Planet CCRMA kernels without this "feature".
> >
> > Yes, fortunately realtime-lsm does not depend on the capability module.
> > Still, I would expect that many audio users load it out of confusion.
>
> At least in FC3 the capability module is not a module, it is built into
> the kernel. Thus the problem, the realtime lsm does not work (tried it)
> if capability is built into the kernel, apparently the two modules can't
> be stacked, it is one or the other. So, any low latency kernel that
> wants to use realtime lsm is, I think, going to be affected.

No, the capability module that is referred to in the advisory is the
POSIX capabilities module. I have this configured as a module on my
system, but never load it, and realtime-lsm does not depend on it.
realtime-lsm only depends on the "commoncap" module.

Lee


This archive was generated by hypermail 2b28 : Wed Dec 29 2004 - 08:18:01 EET