Re: [PATCH] [request for inclusion] Realtime LSM

From: Jack O'Quin
Date: Fri Jan 07 2005 - 15:10:02 EST


Martin Mares <mj@xxxxxx> writes:

>> Yes, SETPCAP became a gaping security hole. Recall the sendmail hole.
>
> Hmmm, I don't remember now, could you give me some pointer, please?

I already did that...

> Jack O'Quin wrote:
> > The biggest problem was CAP_SETPCAP, which for good reasons[1] is
> > disabled in distributed kernels. This forced every user to patch and
> > build a custom kernel. Worse, it opened all our systems up to the
> > problems reported by this sendmail security advisory.

[1] http://www.securiteam.com/unixfocus/5KQ040A1RI.html

--
joq