* Stephen Smalley (sdsat_private) wrote: > > I agree that there are a number of different capabilities used to override > DAC restrictions, but this is documented in capability.h. So assuming we > were to fix the above problem with msgget, where else is a > single capability value used sometimes to override DAC and sometimes to > authoritatively control an operation (where we lack a restrictive hook)? i don't think this is enough. $ rgrep -r 'CAP_..._ADMIN' linux-2.4/drivers | wc -l 296 so there are 296 instances of either CAP_NET_ADMIN or CAP_SYS_ADMIN in the drivers. the only lsm hook i see in drivers in in char/tty_io.c (which isn't colocated with a capable hook...this would be a problem also). these are things like messing with NIC's, the entropy pool, lvm opening character devices or block ioctls, raw device ioctls, etc... how is this not a problem for the capability override mechanism? -chris _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Thu Sep 06 2001 - 10:47:28 PDT