On Tue, Sep 25, 2001 at 04:40:38PM -0700, richard offer wrote:
> Not much has changed recently, *sigh*

Including a huge problem I pointed out before...

> I re-worked ptrace() to follow the pre-LSM
> logic to avoid any race conditions that Greg was worried about.

Thanks.

> + /* messier than it should be to ensure we have a code path identical to
> + * that pre-LSM */

... honestly ...

> ===== security/capability_plug.c 1.66 vs edited =====
> --- 1.66/security/capability_plug.c Sun Sep 23 18:37:19 2001
> +++ edited/security/capability_plug.c Tue Sep 25 10:41:04 2001
> @@ -21,27 +21,27 @@
> /* flag to keep track of how we were registered */
> static int secondary;
>
> -static int cap_sethostname (char *hostname)
> +static int cap_sethostname (char *hostname, int kerror)
> {
> return 0;
> }

And here start the problems. If you just blanket return 0 from all
these authoritative functions, you have given root away. While I know
we all want to push our individual security modules, neutering the
ones that come with the kernel won't make us real popular. :)

Fix all these, and I think the patch might have potential.
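
Review bot: in the cap_sethostname hunk of security/capability_plug.c the new `int kerror` argument is never read; the body is still the unchanged `return 0;`. If the hook's return value is authoritative, as the reply says, that discards whatever the kernel's own check decided and allows the operation for every caller. Suggest the hook at least pass the kernel's result through (`return kerror;`) unless the module has a specific reason to override it, and add a comment on the function stating what `kerror` carries and which return values mean allow and deny. The reply indicates the same pattern in the other hooks whose signature gained `kerror`, so each of them needs the same check.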