Re: [linux-audio-dev] LSM: Linux 2.6 Kernel Capability LSM Module Local Privilege Elevation


Subject: Re: [linux-audio-dev] LSM: Linux 2.6 Kernel Capability LSM Module Local Privilege Elevation
From: Lee Revell (rlrevell_AT_joe-job.com)
Date: Wed Dec 29 2004 - 18:53:03 EET


On Wed, 2004-12-29 at 04:21 -0500, Lee Revell wrote:
> On Tue, 2004-12-28 at 23:36 -0800, Fernando Lopez-Lezcano wrote:
> > Any kernel that wants to use the realtime-lsm
> > will have to either not build the POSIX capabilities lsm, or build it as
> > a module. In the latter case the system will be vulnerable. The
> > realtime-lsm does not depend on the POSIX capabilities lsm but it forces
> > you to build it as a module, exposing the vulnerability, which maybe I
> > misunderstood as not being present if you build with the POSIX lsm into
> > the kernel (as opposed to building it as a module).
> >
> > I do understand that loading the realtime lsm only does not create a
> > vulnerability (other than well known possibilities of DOS attacks by
> > mean linux audio users :-)
>
> OK, that is a clearer explanation than mine ;-)
>
> Anyway the kernel folks don't seem worried.
>

Spoke too soon. Here's the fix:

http://lkml.org/lkml/2004/12/29/59

Lee



This archive was generated by hypermail 2b28 : Wed Dec 29 2004 - 19:02:06 EET