| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 14 Dec 2006 16:16:39 -0800 From: Zack Weinberg <zackw@...ix.com> To: Stephen Smalley <sds@...ho.nsa.gov>, jmorris@...ei.org, Chris Wright <chrisw@...s-sol.org> Cc: linux-kernel@...r.kernel.org Subject: [patch 0/4] /proc/kmsg permissions, take three Here's a re-revised version of my patch set to allow klogd to drop privileges and continue reading from /proc/kmsg (currently, even if klogd has a legitimately opened fd on /proc/kmsg, it cannot read from it unless it has CAP_SYS_ADMIN asserted). SELinux's pickier and finer-grained privilege rules for /proc/kmsg are unchanged. The major change from the previous patchset [q.v. http://comments.gmane.org/gmane.linux.kernel/466034 ] is that, as Arjan van de Ven requested, the new header linux/klog.h contains only userspace-visible definitions (the constants for sys_syslog()). Thanks to Alexey Dobriyan for telling me the proper place to put the KLOGSEC_* constants (now renamed LSM_KLOG_* in keeping with other such constants). They have also been rediffed versus yesterday's git. They should be applied in sequence; each step compiles, and the complete set has been booted and tested to work as intended. Any comments, as usual, appreciated. I would very much like to see this in 2.6.20. zw - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists