Re: [PATCH v2 1/2] syslog: distinguish between /proc/kmsg andsyscalls

From: James Morris
Date: Wed Feb 03 2010 - 22:54:14 EST

Next message: Ben Hutchings: "Re: [PATCH] Fix 'flush_old_exec()/setup_new_exec()' split"
Previous message: James Morris: "Re: [PATCH v2 2/2] syslog: use defined constants instead of rawnumbers"
In reply to: John Johansen: "Re: [PATCH v2 1/2] syslog: distinguish between /proc/kmsg and syscalls"
Next in thread: Alex Riesen: "Re: [PATCH v2 1/2] syslog: distinguish between /proc/kmsg and syscalls"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 3 Feb 2010, Kees Cook wrote:

> This allows the LSM to distinguish between syslog functions originating
> from /proc/kmsg access and direct syscalls. By default, the commoncaps
> will now no longer require CAP_SYS_ADMIN to read an opened /proc/kmsg
> file descriptor. For example the kernel syslog reader can now drop
> privileges after opening /proc/kmsg, instead of staying privileged with
> CAP_SYS_ADMIN. MAC systems that implement security_syslog have unchanged
> behavior.
>
> Signed-off-by: Kees Cook <kees.cook@xxxxxxxxxxxxx>

Applied to
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6#next

--
James Morris
<jmorris@xxxxxxxxx>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Ben Hutchings: "Re: [PATCH] Fix 'flush_old_exec()/setup_new_exec()' split"
Previous message: James Morris: "Re: [PATCH v2 2/2] syslog: use defined constants instead of rawnumbers"
In reply to: John Johansen: "Re: [PATCH v2 1/2] syslog: distinguish between /proc/kmsg and syscalls"
Next in thread: Alex Riesen: "Re: [PATCH v2 1/2] syslog: distinguish between /proc/kmsg and syscalls"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]