> > I think the issue is that the logic is wrong (or unclear at the least.)
> >
> > Currently it is saying:
> > if (you are rootish, own the process, or the module lets you) you can
> > renice things
> >
> > And Roy suggests:
> > if ((you are rootish or own the process) AND (the module lets you)) you
> > can renice things.
> >
> > Beyond even dummy stuff, it seems more useful (not to mention safer) to
> > rework the logic. This way one could write modules that would hamper root
> > (useful for trappin' baddies), instead of writing modules that allow huge
> > security holes.
>
> I understand what you're driving at. But I hesitate to make logic changes to
> the kernel. Consider original code reads...
>
>     if (p->uid != current->euid &&
>         p->uid != current->uid && !capable(CAP_SYS_NICE)) {
>
> This really doesn't have any test for root. Just checks that both your uid
> and euid don't match the target process's uid _and_ you aren't capable.

Well, if that is the way it is in the kernel, that's good. Still, since we
are changing the entire capabilities system anyway, it is a nice time to
make the system a bit smarter. But I agree, if we are not going to watch
for stuff like this then we really need to examine the dummy functions. : )

-Titus

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
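
The two compositions debated in this thread, as an added userspace C model that is not part of the original messages or of the kernel source. The names struct task, rootish, nice_hook, hook_allow_all, hook_deny_all, may_renice_or and may_renice_and are hypothetical, chosen for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed userspace model of the renice check; not kernel code. */
struct task { unsigned uid, euid; bool rootish; };

/* Hypothetical module hook: true means "the module lets you". */
typedef bool (*nice_hook)(const struct task *cur, const struct task *p);

static bool hook_allow_all(const struct task *cur, const struct task *p)
{ (void)cur; (void)p; return true; }    /* a careless dummy module */

static bool hook_deny_all(const struct task *cur, const struct task *p)
{ (void)cur; (void)p; return false; }   /* a module meant to hamper root */

/* Ownership test from the quoted condition, inverted to mean "allowed". */
static bool owns(const struct task *cur, const struct task *p)
{ return p->uid == cur->euid || p->uid == cur->uid; }

/* Logic described as current: rootish OR owner OR module. */
bool may_renice_or(const struct task *cur, const struct task *p, nice_hook h)
{ return cur->rootish || owns(cur, p) || h(cur, p); }

/* Suggested logic: (rootish OR owner) AND module. */
bool may_renice_and(const struct task *cur, const struct task *p, nice_hook h)
{ return (cur->rootish || owns(cur, p)) && h(cur, p); }

int main(void)
{
    /* Constructed sample tasks. */
    const struct task stranger = { 1000, 1000, false };
    const struct task root     = { 0, 0, true };
    const struct task target   = { 2000, 2000, false };

    /* OR form: an allow-all module grants renice to an unrelated user. */
    printf("stranger, allow-all: or=%d and=%d\n",
           may_renice_or(&stranger, &target, hook_allow_all),
           may_renice_and(&stranger, &target, hook_allow_all));

    /* AND form: a deny-all module can restrict even a rootish caller. */
    printf("root, deny-all:      or=%d and=%d\n",
           may_renice_or(&root, &target, hook_deny_all),
           may_renice_and(&root, &target, hook_deny_all));
    return 0;
}
```

Under the OR form a module can only add permissions, so a permissive dummy hook widens access; under the AND form a module can only remove them.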
This archive was generated by hypermail 2b30 : Wed May 30 2001 - 16:41:32 PDT