Re: [linux-audio-dev] LSM: Linux 2.6 Kernel Capability LSM Module Local Privilege Elevation


Subject: Re: [linux-audio-dev] LSM: Linux 2.6 Kernel Capability LSM Module Local Privilege Elevation
From: Fernando Lopez-Lezcano (nando_AT_ccrma.stanford.edu)
Date: Wed Dec 29 2004 - 09:36:39 EET


On Tue, 2004-12-28 at 22:15, Lee Revell wrote:
> On Tue, 2004-12-28 at 21:51 -0800, Fernando Lopez-Lezcano wrote:
> > On Tue, 2004-12-28 at 13:35, Lee Revell wrote:
> > > On Tue, 2004-12-28 at 13:17 -0800, Fernando Lopez-Lezcano wrote:
> > > > On Tue, 2004-12-28 at 12:28, Lee Revell wrote:
> > > > > On Mon, 2004-12-27 at 14:41 +0100, Frank Barknecht wrote:
> > > > > > Read on here:
> > > > > > http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2004-12/0390.html
> > > > >
> > > > > Wow, this is a HORRIBLE bug.
> > > >
> > > > Indeed. I tried it and it works. Someone should have been pointing a
> > > > camera at me to capture the "moment" :-) Spent the better part of
> > > > yesterday building new Planet CCRMA kernels without this "feature".
> > >
> > > Yes, fortunately realtime-lsm does not depend on the capability module.
> > > Still, I would expect that many audio users load it out of confusion.
> >
> > At least in FC3 the capability module is not a module, it is built into
> > the kernel. Thus the problem, the realtime lsm does not work (tried it)
> > if capability is built into the kernel, apparently the two modules can't
> > be stacked, it is one or the other. So, any low latency kernel that
> > wants to use realtime lsm is, I think, going to be affected.
>
> No, the capability module that is referred to in the advisory is the
> POSIX capabilities module. I have this configured as a module on my
> system, but never load it and realtime-lsm does not depend on it.
> realtime-lsm only depends on the "commoncap" module.

> > So, any low latency kernel that
> > wants to use realtime lsm is, I think, going to be affected.

Why I think this is a yes. Any kernel that wants to use the realtime-lsm
will have to either not build the POSIX capabilities lsm, or build it as
a module. In the latter case the system will be vulnerable. The
realtime-lsm does not depend on the POSIX capabilities lsm but it forces
you to build it as a module, exposing the vulnerability, which maybe I
misunderstood as not being present if you build with the POSIX lsm into
the kernel (as opposed to building it as a module).

I do understand that loading the realtime lsm only does not create a
vulnerability (other than well known possibilities of DOS attacks by
mean linux audio users :-)

-- Fernando



This archive was generated by hypermail 2b28 : Wed Dec 29 2004 - 09:47:50 EET