On Thu, 6 Sep 2001, Chris Wright wrote:

> yes, that's what i'm questioning. i haven't looked at all the cases in
> the kernel that use CAP_(SYS|NET)_ADMIN. i recall that CAP_SYS_ADMIN
> is used for mounting/unmounting (along with many other things). so the
> CAP_SYS_ADMIN test in sys_umount followed by the lsm umount hook in
> do_umount (well, besides the fact that we'd need to move the lsm hook
> to sys_umount like was done in the authoritative patch) is an example
> of CAP_SYS_ADMIN being used in a way that one would conceivably want to
> use it as an override.

This seems like a more legitimate example than msgget. Ok, so the
capable+restrictive hook solution doesn't seem to be sufficient to
implement authoritative hooks.

> p.s. in fact i see no good reason not to move the lsm umount hook to
> sys_umount. that way it is not within the BKL. any objections?

This is fine with me.

--
Stephen D. Smalley, NAI Labs
ssmalleyat_private

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Thu Sep 06 2001 - 12:06:52 PDT