Re: [PATCH][LSM] Early init for security modules and various cleanups

Grzegorz Jaskiewicz (gj@pointblue.com.pl)
Mon, 2 Jun 2003 12:08:25 +0200 (CEST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Chris Wright: "Re: [PATCH][LSM] Early init for security modules and various cleanups"
Previous message: Alistair J Strachan: "Re: 2.5.70-mm3"

On Mon, 2 Jun 2003, Chris Wright wrote:

> @@ -91,7 +92,7 @@
> * Superuser processes are usually more important, so we make it
> * less likely that we kill those.
> */
> - if (cap_t(p->cap_effective) & CAP_TO_MASK(CAP_SYS_ADMIN) ||
> + if (!security_capable(p,CAP_SYS_ADMIN) ||
> p->uid == 0 || p->euid == 0)
> points /= 4;
..............
> - if (cap_t(p->cap_effective) & CAP_TO_MASK(CAP_SYS_RAWIO))
> + if (!security_capable(p,CAP_SYS_RAWIO))
> points /= 4;

Correct me if i am wrong, but I think it is not a good idea to favor
applications with more
capabilities, as ussualy those are most wanted target on a system.

-- Grzegorz Jaskiewcz

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/

Next message: Chris Wright: "Re: [PATCH][LSM] Early init for security modules and various cleanups"
Previous message: Alistair J Strachan: "Re: 2.5.70-mm3"