Re: [linux-audio-dev] LSM: Linux 2.6 Kernel Capability LSM Module Local Privilege Elevation

New Message	Reply	About this list	Date view	Thread view	Subject view	Author view	Other groups

Subject: Re: [linux-audio-dev] LSM: Linux 2.6 Kernel Capability LSM Module Local Privilege Elevation
From: Lee Revell (rlrevell_AT_joe-job.com)
Date: Wed Dec 29 2004 - 11:21:49 EET

Next message: Spencer Russell: "[linux-audio-dev] 2.6.10-rc2-mm3 Hang"
Previous message: Fernando Lopez-Lezcano: "Re: [linux-audio-dev] LSM: Linux 2.6 Kernel Capability LSM Module Local Privilege Elevation"
In reply to: Fernando Lopez-Lezcano: "Re: [linux-audio-dev] LSM: Linux 2.6 Kernel Capability LSM Module Local Privilege Elevation"
Next in thread: Lee Revell: "Re: [linux-audio-dev] LSM: Linux 2.6 Kernel Capability LSM Module Local Privilege Elevation"
Next in thread: Frank Barknecht: "Re: [linux-audio-dev] LSM: Linux 2.6 Kernel Capability LSM Module Local Privilege Elevation"
Next in thread: Lee Revell: "Re: [linux-audio-dev] LSM: Linux 2.6 Kernel Capability LSM Module Local Privilege Elevation"
Reply: Lee Revell: "Re: [linux-audio-dev] LSM: Linux 2.6 Kernel Capability LSM Module Local Privilege Elevation"
Reply: Lee Revell: "Re: [linux-audio-dev] LSM: Linux 2.6 Kernel Capability LSM Module Local Privilege Elevation"

On Tue, 2004-12-28 at 23:36 -0800, Fernando Lopez-Lezcano wrote:
> Any kernel that wants to use the realtime-lsm
> will have to either not build the POSIX capabilities lsm, or build it as
> a module. In the later case the system will be vulnerable. The
> realtime-lsm does not depend on the POSIX capabilities lsm but it forces
> you to build it as a module, exposing the vulnerability, which maybe I
> misunderstood as not being present if you build with the POSIX lsm into
> the kernel (as opposed to building it as a module).
>
> I do understand that loading the realtime lsm only does not create a
> vulnerability (other than well known possibilities of DOS attacks by
> mean linux audio users :-)

OK, that is a clearer explanation than mine ;-)

Anyway the kernel folks don't seem worried.

Lee

Next message: Spencer Russell: "[linux-audio-dev] 2.6.10-rc2-mm3 Hang"
Previous message: Fernando Lopez-Lezcano: "Re: [linux-audio-dev] LSM: Linux 2.6 Kernel Capability LSM Module Local Privilege Elevation"
In reply to: Fernando Lopez-Lezcano: "Re: [linux-audio-dev] LSM: Linux 2.6 Kernel Capability LSM Module Local Privilege Elevation"
Next in thread: Lee Revell: "Re: [linux-audio-dev] LSM: Linux 2.6 Kernel Capability LSM Module Local Privilege Elevation"
Next in thread: Frank Barknecht: "Re: [linux-audio-dev] LSM: Linux 2.6 Kernel Capability LSM Module Local Privilege Elevation"
Next in thread: Lee Revell: "Re: [linux-audio-dev] LSM: Linux 2.6 Kernel Capability LSM Module Local Privilege Elevation"
Reply: Lee Revell: "Re: [linux-audio-dev] LSM: Linux 2.6 Kernel Capability LSM Module Local Privilege Elevation"
Reply: Lee Revell: "Re: [linux-audio-dev] LSM: Linux 2.6 Kernel Capability LSM Module Local Privilege Elevation"

New Message	Reply	About this list	Date view	Thread view	Subject view	Author view	Other groups

This archive was generated by hypermail 2b28 : Wed Dec 29 2004 - 11:27:56 EET