* Titus D. Winters (titusat_private) wrote:
> > The dummy functions don't really provide much in the way of security.  They
> > fall somewhere between DAC and everybody is root.  Stephen Smalley has
> > suggested re-evaluating the dummy code and adding root checks to align with
> > DAC.  I am inclined to fix this in dummy_setnice rather than
> > sys_setpriority.
>
> I think the issue is that the logic is wrong (or unclear at the least.)
>
> Currently it is saying:
> if (you are rootish, own the process, or the module lets you) you can
> renice things
>
> And Roy suggests:
> if ((you are rootish or own the process) AND (the module lets you)) you
> can renice things.
>
> Beyond even dummy stuff, it seems more useful (not to mention safer) to
> rework the logic.  This way one could write modules that would hamper root
> (useful for trappin' baddies), instead of writing modules that allow huge
> security holes.

I understand what you're driving at.  But I hesitate to make logic changes
to the kernel.  Consider original code reads...

	if (p->uid != current->euid && p->uid != current->uid && !capable(CAP_SYS_NICE)) {

This really doesn't have any test for root.  Just checks that both your uid
and euid don't match the target process's uid _and_ you aren't capable.

-chris

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
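
The three permission predicates compared in the message above, as an added user-space C model (not part of the original post and not kernel code). The `struct req` fields, the function names, and the reduction of the module hook to a single boolean are assumptions made for illustration; the program counts, over all 16 input combinations, where each variant grants or denies differently from the original check.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical model of one renice request (not kernel structures). */
struct req {
    bool uid_match;     /* p->uid == current->uid */
    bool euid_match;    /* p->uid == current->euid */
    bool cap_sys_nice;  /* capable(CAP_SYS_NICE) */
    bool module_allows; /* assumed boolean verdict of the module hook */
};

static bool allow_original(struct req r)     /* quoted check, inverted */
{ return r.uid_match || r.euid_match || r.cap_sys_nice; }

static bool allow_permissive(struct req r)   /* "... or the module lets you" */
{ return allow_original(r) || r.module_allows; }

static bool allow_restrictive(struct req r)  /* "(...) AND (the module lets you)" */
{ return allow_original(r) && r.module_allows; }

static struct req from_bits(int i)
{
    struct req r = { i & 1, (i >> 1) & 1, (i >> 2) & 1, (i >> 3) & 1 };
    return r;
}

/* Inputs (of 16) the variant grants although the original check denies. */
static int count_widened(bool (*f)(struct req))
{
    int n = 0;
    for (int i = 0; i < 16; i++)
        n += f(from_bits(i)) && !allow_original(from_bits(i));
    return n;
}

/* Inputs (of 16) the variant denies although the original check grants. */
static int count_narrowed(bool (*f)(struct req))
{
    int n = 0;
    for (int i = 0; i < 16; i++)
        n += !f(from_bits(i)) && allow_original(from_bits(i));
    return n;
}

int main(void)
{
    printf("permissive:  widened=%d narrowed=%d\n",
           count_widened(allow_permissive), count_narrowed(allow_permissive));
    printf("restrictive: widened=%d narrowed=%d\n",
           count_widened(allow_restrictive), count_narrowed(allow_restrictive));
    return 0;
}
```

The OR form can only add grants beyond the original check (the non-owner, non-capable caller a module approves), while the AND form can only remove them, which is the property that lets a module restrict even a capable caller.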
This archive was generated by hypermail 2b30 : Wed May 30 2001 - 16:13:27 PDT