[linux-audio-dev] LSM: Linux 2.6 Kernel Capability LSM Module Local Privilege Elevation

Lee Revell rlrevell at joe-job.com
Wed Dec 29 16:53:03 UTC 2004

Previous message: [linux-audio-dev] LSM: Linux 2.6 Kernel Capability LSM Module Local Privilege Elevation
Next message: [linux-audio-dev] LSM: Linux 2.6 Kernel Capability LSM Module Local Privilege Elevation
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 2004-12-29 at 04:21 -0500, Lee Revell wrote:
> On Tue, 2004-12-28 at 23:36 -0800, Fernando Lopez-Lezcano wrote:
> > Any kernel that wants to use the realtime-lsm
> > will have to either not build the POSIX capabilities lsm, or build it as
> > a module. In the later case the system will be vulnerable. The
> > realtime-lsm does not depend on the POSIX capabilities lsm but it forces
> > you to build it as a module, exposing the vulnerability, which maybe I
> > misunderstood as not being present if you build with the POSIX lsm into
> > the kernel (as opposed to building it as a module).
> > 
> > I do understand that loading the realtime lsm only does not create a
> > vulnerability (other than well known possibilities of DOS attacks by
> > mean linux audio users :-)
> 
> OK, that is a clearer explanation than mine ;-)
> 
> Anyway the kernel folks don't seem worried.
> 

Spoke too soon.  Here's the fix:

http://lkml.org/lkml/2004/12/29/59

Lee

Previous message: [linux-audio-dev] LSM: Linux 2.6 Kernel Capability LSM Module Local Privilege Elevation
Next message: [linux-audio-dev] LSM: Linux 2.6 Kernel Capability LSM Module Local Privilege Elevation
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Linux-audio-dev mailing list