Subject: Re: [linux-audio-dev] LSM: Linux 2.6 Kernel Capability LSM Module Local Privilege Elevation
From: Lee Revell (rlrevell_AT_joe-job.com)
Date: Wed Dec 29 2004 - 11:21:49 EET
On Tue, 2004-12-28 at 23:36 -0800, Fernando Lopez-Lezcano wrote:
> Any kernel that wants to use the realtime-lsm
> will have to either not build the POSIX capabilities lsm, or build it as
> a module. In the later case the system will be vulnerable. The
> realtime-lsm does not depend on the POSIX capabilities lsm but it forces
> you to build it as a module, exposing the vulnerability, which maybe I
> misunderstood as not being present if you build with the POSIX lsm into
> the kernel (as opposed to building it as a module).
>
> I do understand that loading the realtime lsm only does not create a
> vulnerability (other than well known possibilities of DOS attacks by
> mean linux audio users :-)
OK, that is a clearer explanation than mine ;-)
Anyway the kernel folks don't seem worried.
Lee
This archive was generated by hypermail 2b28 : Wed Dec 29 2004 - 11:27:56 EET