On Fri, Sep 27, 2002 at 02:54:25PM -0400, Valdis.Kletnieksat_private wrote:
> By the same token, at that point you can download the kernel source and
> build it without LSM. What I showed was a way to bypass the iptables
> rules set up *WITHOUT REPLACING A MODULE* (which might be detected by
> tripwire, or totally refused because the LSM rejects any writes in /lib/modules).

insmod doesn't require modules to be in /lib/modules. Anyway I could even
change the device name _after_ it was loaded. this is linux and not BSD..

Given that we really want to fine-grained control whose netdevice can get
what names we'd better place a hook in dev_alloc_name. And that's my whole
point: LSM adds random hooks all over the place without even thinking what
they intend to protect.