Re: [PATCH] [request for inclusion] Realtime LSM

From: Martin Mares
Date: Fri Jan 07 2005 - 12:36:30 EST

Next message: Linus Torvalds: "Re: Make pipe data structure be a circular list of pages, ratherthan"
Previous message: Daniel Gryniewicz: "Re: Process blocking behaviour"
In reply to: Chris Wright: "Re: [PATCH] [request for inclusion] Realtime LSM"
Next in thread: Chris Wright: "Re: [PATCH] [request for inclusion] Realtime LSM"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello!

> Yes, SETPCAP became a gaping security hole. Recall the sendmail hole.

Hmmm, I don't remember now, could you give me some pointer, please?

> This won't work, you can't increase the bset, which is hardcoded to
> leave out SETPCAP. Also, init is hard coded to start without SETPCAP.

If I read the source correctly, init is allowed to increase the bset,
the other processes aren't.

Have a nice fortnight
--
Martin `MJ' Mares <mj@xxxxxx> http://atrey.karlin.mff.cuni.cz/~mj/
Faculty of Math and Physics, Charles University, Prague, Czech Rep., Earth
American patent law: two monkeys, fourteen days.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Linus Torvalds: "Re: Make pipe data structure be a circular list of pages, ratherthan"
Previous message: Daniel Gryniewicz: "Re: Process blocking behaviour"
In reply to: Chris Wright: "Re: [PATCH] [request for inclusion] Realtime LSM"
Next in thread: Chris Wright: "Re: [PATCH] [request for inclusion] Realtime LSM"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]