[linux-audio-dev] LSM: Linux 2.6 Kernel Capability LSM Module Local Privilege Elevation

Frank Barknecht fbar at footils.org
Mon Dec 27 13:41:50 UTC 2004


Hi,

careful with the linux security module: As reported on Bugtraq,
there's a vulnerability when loading LSM as a module instead of
compiling it into the kernel:

"When POSIX Capability LSM module isn't compiled into kernel, after
inserting Capability module into kernel, all existed normal users
processes will have total Capability privileges of superuser (root)."

Read on here:
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2004-12/0390.html

Ciao
-- 
 Frank Barknecht                               _ ______footils.org__



More information about the Linux-audio-dev mailing list