Re: [PATCH][LSM] Early init for security modules and various cleanups

From: Grzegorz Jaskiewicz (gj@pointblue.com.pl)
Date: Mon Jun 02 2003 - 05:08:25 EST


On Mon, 2 Jun 2003, Chris Wright wrote:

> @@ -91,7 +92,7 @@
> * Superuser processes are usually more important, so we make it
> * less likely that we kill those.
> */
> - if (cap_t(p->cap_effective) & CAP_TO_MASK(CAP_SYS_ADMIN) ||
> + if (!security_capable(p,CAP_SYS_ADMIN) ||
> p->uid == 0 || p->euid == 0)
> points /= 4;
..............
> - if (cap_t(p->cap_effective) & CAP_TO_MASK(CAP_SYS_RAWIO))
> + if (!security_capable(p,CAP_SYS_RAWIO))
> points /= 4;

Correct me if i am wrong, but I think it is not a good idea to favor
applications with more
capabilities, as ussualy those are most wanted target on a system.

--
Grzegorz Jaskiewcz

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/



This archive was generated by hypermail 2b29 : Sat Jun 07 2003 - 22:00:16 EST