Chris Wright wrote: > * Lachlan McIlroy (lachlanat_private) wrote: > >>There are many calls to suser() in devices to check >>for superuser privilege but no LSM hook involved. >>According to the comment in sched.h the suser()/ >>fsuser() routines will be removed but while they >>are still in use shouldn't we put a capable() call >>inside them? We could create a generic capability >>for device management (ie CAP_DEV_MGT). >> >>Any suggestions/objections? >> > > This is an outstanding kerneljanitor task. I have seen patches floating > about that take suser/fsuser out of 2.5, but AFAIK more work needs to be > done. I'd suggest focusing on removing them. > > cheers, > -chris > >>-- >>Lachlan McIlroy >> >>_______________________________________________ >>linux-security-module mailing list >>linux-security-moduleat_private >>http://mail.wirex.com/mailman/listinfo/linux-security-module >> > > Thanks for the info Chris, I'll have a look around for those patches and see what they do. Ultimately, I would like to see all calls to suser() replaced with calls to capable(). -- Lachlan McIlroy Tel: +61 3 8534 5531 Trusted Linux Fax: +61 3 9596 2960 Adacel Technologies Ltd www.adacel.com _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Tue Apr 09 2002 - 18:15:26 PDT