[rsbac] Thoughts on the "No Linux Security Modules framework" old claims
Michal Purzynski
albeiro at polsl.gliwice.pl
Thu Feb 24 13:17:28 CET 2005
On 24 Feb, 2005, at 9:28, Amon Ott wrote:
> As long as the capabilities module does not support stacking, anybody
> needing capabilities and e.g. on-access scanning with Dazuko will
> have to unload this module, load another module, and reload it. This
> creates a nasty race condition. BTW, what happens if capabilities
> have been compiled static, not as a module?
>
>
In fact, using capabilities as an LKM is rather dangerous. Just some parts
of the kernel should _never ever_ be made modular. And there was a bug
recently, showing up when capabilities was built as an LKM. It was pretty
much agreed that it should not be done so.
>
> no doubt we will see trojans using LSM disabling stacking along with
> other decision modules with this design