On Tue, 2004-12-28 at 23:36 -0800, Fernando Lopez-Lezcano wrote:
Any kernel that wants to use the realtime-lsm
will have to either not build the POSIX capabilities lsm, or build it as
a module. In the latter case the system will be vulnerable. The
realtime-lsm does not depend on the POSIX capabilities lsm, but it forces
you to build it as a module, exposing the vulnerability, which maybe I
misunderstood as not being present if you build the POSIX lsm into
the kernel (as opposed to building it as a module).
I do understand that loading the realtime lsm alone does not create a
vulnerability (other than the well known possibilities of DoS attacks by
mean Linux audio users :-)
OK, that is a clearer explanation than mine ;-)
Anyway the kernel folks don't seem worried.
Spoke too soon. Here's the fix: