Re: 2.6.6-mm2

From: Andrea Arcangeli
Date: Fri May 14 2004 - 14:17:17 EST


On Thu, May 13, 2004 at 12:42:49PM -0700, Chris Wright wrote:
> * Andrew Morton (akpm@xxxxxxxx) wrote:
> > Chris Wright <chrisw@xxxxxxxx> wrote:
> > >
> > >
> > > +static int capability_mask;
> > > +module_param_named(mask, capability_mask, int, 0);
> > > +MODULE_PARM_DESC(mask, "Mask of capability checks to ignore");
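Review bot: the perm argument of 0 in `module_param_named(mask, capability_mask, int, 0);` creates no sysfs entry, so the mask can only be set on the module (or, when built in, kernel) command line, which is exactly the runtime limitation Andrew raises below; if it is later exposed with a non-zero perm, a root-writable file that sets bits loosens the policy at runtime, so restrict writes to clearing bits. The description "Mask of capability checks to ignore" should also say that each bit number is a CAP_* value and that a set bit disables that check, since that is a security-weakening knob and the text gives the reader no way to map bits to capabilities.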
> >
> > Is there a way to make this tunable at runtime, btw?
>
> Yeah, it'd require sysctl or similar, and further reduces the security,
> unless you only allow bit clearing or something.

the runtime switch would be more comfortable, the config is:

CONFIG_SECURITY=y
CONFIG_SECURITY_NETWORK=y
CONFIG_SECURITY_CAPABILITIES=y
CONFIG_SECURITY_CAPABILITIES_BOOTPARAM=y
CONFIG_SECURITY_ROOTPLUG=m
CONFIG_SECURITY_SELINUX=y
CONFIG_SECURITY_SELINUX_BOOTPARAM=y
CONFIG_SECURITY_SELINUX_DEVELOP=y
# CONFIG_SECURITY_SELINUX_MLS is not set

if the runtime switch needs sysctl then probably we can stay with
disable_cap_mlock or mlock_group (I prefer disable_cap_mlock because
having more sysctl doesn't make it more secure, if you can exploit
disable_cap_mlock you can exploit hugetlbfs_group and you can exploit
mlock_group too). It's a hack and the simplest hack is
disable_cap_mlock and it is more "featured" than the group that is only
available to one group of users at once.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
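The thread above discusses a "mask of capability checks to ignore" and Chris Wright's remark that a runtime knob is only tolerable if it can clear bits but not set them. The following C program is an added example that models that behaviour in user space; it is not code from the patch, from the capability LSM or from the kernel. The CAP_IPC_LOCK and CAP_SYS_ADMIN numbers are the real values from <linux/capability.h>; the `struct task`, `capable_masked()`, `mask_set_any()`, `mask_clear_only()`, `do_mlock()` and `demo()` functions are this example's own inventions and stand in for the kernel's task credentials, capable() check and mlock() permission test.

```c
#include <stdio.h>
#include <stdint.h>
#include <stdbool.h>

/* Real capability numbers from <linux/capability.h>. */
#define CAP_IPC_LOCK  14   /* needed by mlock()/mlockall()/hugetlb mappings */
#define CAP_SYS_ADMIN 21

/* Hypothetical stand-in for the task's effective capability set. */
struct task {
    uint64_t cap_effective;
};

/* Global knob modelled on the patch's capability_mask module parameter:
 * a set bit means "treat every task as if it had that capability". */
static uint32_t capability_mask;

/* Model of capable(): the mask short-circuits the real credential check. */
static bool capable_masked(const struct task *t, int cap)
{
    if (capability_mask & (1u << cap))
        return true;                       /* check ignored by the mask */
    return (t->cap_effective >> cap) & 1u; /* normal credential test */
}

/* Unsafe runtime setter: any bit can be set, so a write can loosen policy. */
static void mask_set_any(uint32_t newmask)
{
    capability_mask = newmask;
}

/* The "only allow bit clearing" variant from the thread: a write may only
 * remove bits that are already set. Returns false when it would set a bit. */
static bool mask_clear_only(uint32_t newmask)
{
    if (newmask & ~capability_mask)   /* asks for a bit that is not set now */
        return false;
    capability_mask = newmask;
    return true;
}

/* mlock-style permission test: CAP_IPC_LOCK is required unless masked.
 * Returns 0 on success, -1 as a stand-in for -EPERM. */
static int do_mlock(const struct task *t)
{
    return capable_masked(t, CAP_IPC_LOCK) ? 0 : -1;
}

/* Walks through the scenario from the thread with a task that holds no
 * capabilities. Returns the number of steps that behaved as expected (5). */
static int demo(void)
{
    struct task unpriv = { .cap_effective = 0 };   /* constructed sample task */
    int ok = 0;

    capability_mask = 0;                            /* default: nothing ignored */
    if (do_mlock(&unpriv) == -1) ok++;              /* 1: denied, as normal */

    mask_set_any(1u << CAP_IPC_LOCK);               /* boot-time mask=16384 */
    if (do_mlock(&unpriv) == 0) ok++;               /* 2: CAP_IPC_LOCK check ignored */

    /* Runtime write that tries to also ignore CAP_SYS_ADMIN: refused. */
    if (!mask_clear_only((1u << CAP_IPC_LOCK) | (1u << CAP_SYS_ADMIN))) ok++; /* 3 */

    if (mask_clear_only(0)) ok++;                   /* 4: tightening is accepted */
    if (do_mlock(&unpriv) == -1) ok++;              /* 5: denied again */

    return ok;
}

int main(void)
{
    printf("%d of 5 steps behaved as described\n", demo());
    return demo() == 5 ? 0 : 1;
}
```

The clear-only setter is the safe direction because a compromised root (or a root shell the mask was meant to protect against) can only make the policy stricter, never widen the set of ignored checks; a plain sysctl that accepts any value would let the same root re-enable the bypass at will, which is why the message prefers a single boot-time hack over more sysctls.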