* Lachlan McIlroy (lachlanat_private) wrote:
> There are some DAC checks that are coupled with capable
> calls that check for a capability other than
> CAP_DAC_OVERRIDE or CAP_DAC_READ_SEARCH. For example,
> sys_setpriority uses CAP_SYS_NICE and sys_msgget uses
> CAP_SYS_ADMIN. If we make these capabilities permanently
> effective then we grant all processes access to system
> calls, such as sys_sethostname, that are normally
> restricted to processes that have these capabilities.

ahh, this looks good. this gets back to the argument against replacing all capable() hooks. we had considered this originally, but after considering the > 500 capable() hooks all over the kernel we decided that we'd use them and not replace them, especially those in device drivers.

so yes, i agree: considering all the places where capable() calls aren't followed by lsm hooks, you just gave away the house. this is unacceptable.

this looks like an, ahem, authoritative reason that we need to support authoritative hooks.

i trust i'll be corrected if i'm being blind.

cheers,
-chris

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
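The following is an added illustration of the point made in the exchange above; it is not code from the thread or from the LSM project. It is a toy C model of kernel code paths: each path consults a capability bitmask via a modelled capable(), and only some paths are followed by an LSM hook that can deny. The capability bit positions are the Linux values for those four capabilities, but the task structure, the "trusted" flag and the hook policy are constructed for illustration and are not the kernel's. It shows why making CAP_SYS_ADMIN and friends "permanently effective" to let a module arbitrate DAC-coupled checks in its own hooks opens every path that is guarded by capable() alone.

```c
/* Toy model (constructed, not kernel code) of capable() checks with and
 * without a following LSM hook. Bit positions match Linux's CAP_* values;
 * everything else is illustrative. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

enum {
    CAP_DAC_OVERRIDE    = 1,
    CAP_DAC_READ_SEARCH = 2,
    CAP_SYS_ADMIN       = 21,
    CAP_SYS_NICE        = 23,
};

/* A task: its effective capability set plus a label that a restrictive
 * LSM module would actually want to base its decision on. */
struct task {
    uint64_t cap_effective;
    bool     trusted_for_hostname;   /* constructed module policy input */
};

/* Modelled kernel capable(): a pure bitmask test, no module involved. */
static bool capable(const struct task *t, int cap) {
    return (t->cap_effective >> cap) & 1ULL;
}

/* Modelled restrictive LSM hook that a module could place after capable().
 * Returns 0 to allow, -1 (think -EPERM) to deny. */
static int lsm_sethostname(const struct task *t) {
    return t->trusted_for_hostname ? 0 : -1;
}

/* Path 1: a syscall guarded only by capable(), with no LSM hook after it.
 * This stands in for the > 500 such call sites mentioned in the thread. */
static int sys_sethostname_hookless(const struct task *t) {
    if (!capable(t, CAP_SYS_ADMIN))
        return -1;
    return 0;   /* hostname would be changed here */
}

/* Path 2: the same syscall, but capable() is followed by an LSM hook. */
static int sys_sethostname_hooked(const struct task *t) {
    if (!capable(t, CAP_SYS_ADMIN))
        return -1;
    if (lsm_sethostname(t) != 0)
        return -1;
    return 0;
}

/* The approach the quoted message warns about: grant the DAC-coupled
 * capabilities to every task so the module's hooks can do the real
 * arbitration. */
static void make_permanently_effective(struct task *t) {
    t->cap_effective |= (1ULL << CAP_DAC_OVERRIDE)
                      | (1ULL << CAP_DAC_READ_SEARCH)
                      | (1ULL << CAP_SYS_NICE)
                      | (1ULL << CAP_SYS_ADMIN);
}

/* Baseline: an unprivileged, untrusted task is denied on both paths. */
int baseline_denied(void) {
    struct task t = { .cap_effective = 0, .trusted_for_hostname = false };
    return sys_sethostname_hookless(&t) == -1 && sys_sethostname_hooked(&t) == -1;
}

/* After the change, the hooked path still denies the untrusted task... */
int hooked_path_denies_after(void) {
    struct task t = { .cap_effective = 0, .trusted_for_hostname = false };
    make_permanently_effective(&t);
    return sys_sethostname_hooked(&t) == -1;
}

/* ...but the hookless path lets the same untrusted task through:
 * capable() now succeeds and nothing else stands in the way. */
int hookless_path_allows_after(void) {
    struct task t = { .cap_effective = 0, .trusted_for_hostname = false };
    make_permanently_effective(&t);
    return sys_sethostname_hookless(&t) == 0;
}

int main(void) {
    printf("baseline denied on both paths:      %d\n", baseline_denied());
    printf("hooked path denies after change:    %d\n", hooked_path_denies_after());
    printf("hookless path allows after change:  %d\n", hookless_path_allows_after());
    return 0;
}
```

The model makes the trade-off concrete: a module can only enforce a decision at call sites that reach one of its hooks, so any scheme that relies on widening the capability set to get past DAC checks has to account for every capable() site that has no hook behind it. That is the reason given in the thread for leaving capable() in place and for wanting authoritative hooks rather than permanently effective capabilities.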
This archive was generated by hypermail 2b30 : Wed Sep 05 2001 - 19:08:35 PDT