Re: [RFC] LSM changes for 2.5.38

Christoph Hellwig (hch@infradead.org)
Fri, 27 Sep 2002 19:59:19 +0100

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Andrew Morton: "Re: Warning - running *really* short on DMA buffers while doingfile"
Previous message: Justin T. Gibbs: "Re: Warning - running *really* short on DMA buffers while doing"
In reply to: Valdis.Kletnieks@vt.edu: "Re: [RFC] LSM changes for 2.5.38"

On Fri, Sep 27, 2002 at 02:54:25PM -0400, Valdis.Kletnieks@vt.edu wrote:
> By the same token, at that point you can download the kernel source and
> build it without LSM. What I showed was a way to bypass the iptables
> rules set up *WITHOUT REPLACING A MODULE* (which might be detected by
> tripwire, or totally refused because the LSM rejects any writes in /lib/modules).

insmod doesn't require modules to be in /lib/modules. Anyway I could even change
the device name _after_ it was loaded. this is linux and not BSD..

Given that we really want to fine-grained control who's netdevice can get what
names we'd` better place a hook in dev_alloc_name.

And that's my whole point: LSM adds random hooks all over the place without
even thinking what they intend to protect.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Andrew Morton: "Re: Warning - running *really* short on DMA buffers while doingfile"
Previous message: Justin T. Gibbs: "Re: Warning - running *really* short on DMA buffers while doing"
In reply to: Valdis.Kletnieks@vt.edu: "Re: [RFC] LSM changes for 2.5.38"