Re: suser/fsuser checks

• Previous message: Lachlan McIlroy: "suser/fsuser checks"
• In reply to: Lachlan McIlroy: "suser/fsuser checks"
• Next in thread: Lachlan McIlroy: "Re: suser/fsuser checks"
• Reply: Lachlan McIlroy: "Re: suser/fsuser checks"
• Reply: Stephen Smalley: "Re: suser/fsuser checks"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* Lachlan McIlroy (lachlanat_private) wrote:
> 
> There are many calls to suser() in devices to check
> for superuser privilege but no LSM hook involved.
> According to the comment in sched.h the suser()/
> fsuser() routines will be removed but while they
> are still in use shouldn't we put a capable() call
> inside them?  We could create a generic capability
> for device management (ie CAP_DEV_MGT).
> 
> Any suggestions/objections?

This is an outstanding kerneljanitor task.  I have seen patches floating
about that take suser/fsuser out of 2.5, but AFAIK more work needs to be
done.  I'd suggest focusing on removing them.

cheers,
-chris
> 
> -- 
> Lachlan McIlroy
> 
> _______________________________________________
> linux-security-module mailing list
> linux-security-moduleat_private
> http://mail.wirex.com/mailman/listinfo/linux-security-module
_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module

• Next message: Lachlan McIlroy: "Re: suser/fsuser checks"
• Previous message: Lachlan McIlroy: "suser/fsuser checks"
• In reply to: Lachlan McIlroy: "suser/fsuser checks"
• Next in thread: Lachlan McIlroy: "Re: suser/fsuser checks"
• Reply: Lachlan McIlroy: "Re: suser/fsuser checks"
• Reply: Stephen Smalley: "Re: suser/fsuser checks"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Apr 09 2002 - 18:04:01 PDT