Re: PROBLEM: A Capability LSM Module serious bug

From: Chris Wright (chrisw@private)
Date: Mon Dec 08 2003 - 09:34:28 PST

  • Next message: Serge E. Hallyn: "Re: PROBLEM: A Capability LSM Module serious bug"

    * Serge E. Hallyn (hallyn@private) wrote:
    > Oops, that was a stupid test.
    > 
    > Your analysis is correct - thanks!
    > 
    > Another possible solution would be to have dummy.c correctly set
    > cap_effective to 0 on dummy_task_create.  Any opinions on the proper
    > way to go about this?
    
    I think the dummy module is going to need to know more about
    capabilities.  Clearing the field completely will then leave the machine
    disfunctional for all the privileged daemons.
    
    thanks,
    -chris
    -- 
    Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net
    



    This archive was generated by hypermail 2b30 : Mon Dec 08 2003 - 09:36:06 PST