Re: [PATCH][LSM] Early init for security modules and various cleanups

From: Grzegorz Jaskiewicz (gjat_private)
Date: Mon Jun 02 2003 - 03:08:25 PDT

    On Mon, 2 Jun 2003, Chris Wright wrote:
    
    > @@ -91,7 +92,7 @@
    >  	 * Superuser processes are usually more important, so we make it
    >  	 * less likely that we kill those.
    >  	 */
    > -	if (cap_t(p->cap_effective) & CAP_TO_MASK(CAP_SYS_ADMIN) ||
    > +	if (!security_capable(p,CAP_SYS_ADMIN) ||
    >  				p->uid == 0 || p->euid == 0)
    >  		points /= 4;
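    
    Review bot: the `!security_capable(p,CAP_SYS_ADMIN)` test in the first condition reads as "not capable" directly under the comment about superuser processes, while the line it replaces tested that the capability bit was set. If the hook returns 0 when the capability is granted, state that in the comment or compare explicitly (`security_capable(p, CAP_SYS_ADMIN) == 0`) so the polarity cannot be misread by the next person touching this condition. Add a space after the comma in the argument list as well.
    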
    ..............
    > -	if (cap_t(p->cap_effective) & CAP_TO_MASK(CAP_SYS_RAWIO))
    > +	if (!security_capable(p,CAP_SYS_RAWIO))
    >  		points /= 4;
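    
    Review bot: the `!security_capable(p,CAP_SYS_RAWIO)` check carries no comment saying that the `points /= 4` reduction now follows the hook's answer for `p` rather than the bit in `p->cap_effective`. Add a one-line comment above the `if` recording that, and confirm the hook is meant to be called on a task `p` that is being evaluated rather than on the caller.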
    
    Correct me if I am wrong, but I think it is not a good idea to favor
    applications with more capabilities, as usually those are the most
    wanted targets on a system.
    
    
    --
    Grzegorz Jaskiewcz
    



    This archive was generated by hypermail 2b30 : Mon Jun 02 2003 - 03:10:48 PDT