Stephen Smalley wrote: > One other clarifying point: When I talk about universally granting > certain capabilities in order to bypass the built-in kernel logic and > to cause the corresponding LSM hook(s) to be authoritative, I only mean > that the security module's capable hook function always returns success to > the kernel for those capabilities. Internally, the security module is > likely to have its own private capable function that it uses for > truly testing capabilities in the hook functions in order to provide the > default kernel logic, possibly in combination with other logic. The shear cleverness of the capability+restrictive scheme is I believe its undoing. You can use it to totally circumvent the security architecure of the system. While it is fun to play with this sort of thing, I would never suggest using it for production code. -- Casey Schaufler Manager, Trust Technology, SGI caseyat_private voice: 650.933.1634 casey_pat_private Pager: 888.220.0607 _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Fri Nov 09 2001 - 16:01:03 PST