suser/fsuser checks

• Previous message: I.P. Park: "RE: Status of Lomac for LSM"
• Next in thread: Chris Wright: "Re: suser/fsuser checks"
• Reply: Chris Wright: "Re: suser/fsuser checks"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

There are many calls to suser() in devices to check
for superuser privilege but no LSM hook involved.
According to the comment in sched.h the suser()/
fsuser() routines will be removed but while they
are still in use shouldn't we put a capable() call
inside them?  We could create a generic capability
for device management (ie CAP_DEV_MGT).

Any suggestions/objections?

-- 
Lachlan McIlroy

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module

• Next message: Chris Wright: "Re: suser/fsuser checks"
• Previous message: I.P. Park: "RE: Status of Lomac for LSM"
• Next in thread: Chris Wright: "Re: suser/fsuser checks"
• Reply: Chris Wright: "Re: suser/fsuser checks"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Apr 09 2002 - 17:59:45 PDT