[linux-audio-dev] Re: [Jackit-devel] Re: realtime-lsm in the kernel

Jack O'Quin joq at io.com
Sun Sep 12 04:59:23 UTC 2004


Lee Revell <rlrevell at joe-job.com> writes:

> Isn't a DoS attack also the worst case scenario with allcaps?  Or am I
> missing something?

No, it's not.  There is a scenario where an intruder uses SETPCAP to
deny root programs access to resources they need (like system logs).
I don't know all the implications of this, but it is potentially more
damaging than just DoS.

It was because of actual attacks like this that the kernel developers
removed SETPCAP from init's capability set.

> I do not see the objection; assuming there is a legitimate use for
> allcaps, the DoS exposure would certainly be less bad than having that
> process just run as root.  A DoS can't blow away the password file...

Since `allcaps' is an option, you don't have to use it.  But, there's
really no requirement for it in a pure 2.6-based system.

The only good reason for `allcaps' that I know of is to run jackstart
the same way in a dual-boot 2.4 and 2.6 environment.  Since I do that
a lot, I generally set that option.

For 2.6 users, it is cleaner and more secure not to use allcaps or
jackstart.  Just call jackd directly.
-- 
  joq
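
Added example, not part of the message above or of realtime-lsm: a Python audit that reads the effective capability mask from /proc/<pid>/status and flags non-root processes holding CAP_SETPCAP, as a process started with `allcaps` would. The sample status text is constructed, and the "realtime" set (CAP_IPC_LOCK, CAP_SYS_NICE, CAP_SYS_RESOURCE) is an assumption about what a realtime audio client needs.

```python
import glob

# Bit numbers from <linux/capability.h>.
CAP_SETPCAP = 1 << 8
# Assumption: the set a realtime audio client needs (IPC_LOCK, SYS_NICE, SYS_RESOURCE).
REALTIME = (1 << 14) | (1 << 23) | (1 << 24)

# Constructed /proc/<pid>/status excerpts, not captured from a real system.
ALLCAPS_SAMPLE = "Name:\tjackd\nUid:\t1000\t1000\t1000\t1000\nCapEff:\tffffffff\n"
REALTIME_SAMPLE = "Name:\tjackd\nUid:\t1000\t1000\t1000\t1000\nCapEff:\t01804000\n"
ROOT_SAMPLE = "Name:\tsyslogd\nUid:\t0\t0\t0\t0\nCapEff:\tfffffeff\n"

def parse_status(text):
    """Return (name, effective uid, effective capability mask)."""
    fields = dict(line.split(":", 1) for line in text.splitlines() if ":" in line)
    euid = int(fields["Uid"].split()[1])  # columns: real, effective, saved, fs
    return fields["Name"].strip(), euid, int(fields["CapEff"].strip(), 16)

def classify(text):
    name, euid, eff = parse_status(text)
    if euid == 0:
        return "root"
    if eff & CAP_SETPCAP:
        return "holds-setpcap"   # the case the message warns about
    if eff == 0:
        return "unprivileged"
    if (eff & ~REALTIME) == 0:
        return "realtime-only"   # nothing beyond the assumed realtime set
    return "other-caps"

def scan(pattern="/proc/[0-9]*/status"):
    """List (name, verdict) for non-root processes holding any capability."""
    found = []
    for path in glob.glob(pattern):
        try:
            with open(path) as f:
                text = f.read()
            verdict = classify(text)
        except (OSError, KeyError, ValueError, IndexError):
            continue  # process exited or status lacks the expected fields
        if verdict not in ("root", "unprivileged"):
            found.append((parse_status(text)[0], verdict))
    return found

if __name__ == "__main__":
    for name, verdict in scan():
        print(f"{verdict:14} {name}")
```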


