Re: [PATCH] disallow modular capabilities
From: Chris Wright
Date: Tue Jan 04 2005 - 16:43:44 EST
* Christoph Hellwig (hch@xxxxxx) wrote:
> On Tue, Jan 04, 2005 at 01:05:29PM -0800, Linus Torvalds wrote:
> > On Tue, 4 Jan 2005, Lee Revell wrote:
> > > And I posted this to LKML almost a week ago, and a real fix was posted
> > > in response.
> > >
> > > http://lkml.org/lkml/2004/12/28/112
> >
> > Well, I realize that it has been on bugtraq, but does that make it a real
> > concern? I'll make the tristate a boolean, but has anybody half-way sane
> > ever _done_ what is described by the bugtraq posting? IOW, it looks pretty
> > much like a made-up example, also known as a "don't do that then" kind of
> > buglet ;)
>
> I don't think this particular one is too serious. But I think we'll see
> more serious issues with other modular security modules.
It's only a problem when you care about the state of things that have
run before the module is loaded. This ranges between no problem and
major problem on a case by case basis. For example, really makes sense
to have SELinux only compiled in. For this one, we can just track
capabilities bits in default dummy stub code, it's painless and allows
keeping capabilities modular for those who use it that way.
thanks,
-chris
--
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/