[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <2024010306-tweezers-skinhead-083e@gregkh>
Date: Wed, 3 Jan 2024 07:59:18 +0100
From: Greg KH <gregkh@...uxfoundation.org>
To: 孟敬姿 <mengjingzi@....ac.cn>
Cc: pmladek@...e.com, rostedt@...dmis.org, john.ogness@...utronix.de,
senozhatsky@...omium.org, keescook@...omium.org,
tony.luck@...el.com, gpiccoli@...lia.com,
linux-hardening@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: Suggestion for Capability Check Refinement in
check_syslog_permissions()
On Wed, Jan 03, 2024 at 01:00:58PM +0800, 孟敬姿 wrote:
> Hi, we suggest revisiting the capability checks in
> check_syslog_permissions(). Currently CAP_SYSLOG is checked first, and
> if it’s not there but there is a CAP_SYS_ADMIN, it can also pass the
> check. We recommend refining this check to exclusively use CAP_SYSLOG.
> Here's our reasoning for this suggestion:
Again, have you tested this?
thanks,
greg k-h
Powered by blists - more mailing lists