On Sat, Sep 30, 2006 at 07:13:41PM +0200, Moritz Muehlenhoff wrote:
> maximilian attems wrote:
> > On Mon, Sep 25, 2006 at 12:24:33AM +0200, Moritz Muehlenhoff wrote:
> > >
> > > The LSM for BSD secure levels is broken by design and unmaintained.
> > > (CVE-2005-4351 and CVE-2005-4252). It's scheduled for removal
> > > upstream (http://lkml.org/lkml/2006/8/2/180), but hasn't been dropped
> > > yet in 2.6.18.
> > >
> > > While it's not enabled in the binary builds, it's selectable for
> > > users building their own kernels. Attached you can find a patch
> > > to make this LSM depend on BROKEN.
> >
> > please send that upstream, afaik it's disabled in any current sid/testing
> > linux-image.
>
> Yes, but if it's in the source package, users expect support for it.

not much support, we as d-kernel team don't actively support hand-built
kernels, they are _usually_ out of date and often you find strange
.config choices.

> I wrote this patch because it's the least intrusive. If it gets removed
> in the 2.6.19 merge window would you accept it or would you instead merge a
> patch that removes the code entirely?

it is removed in the current tree of linus, i'll push that patch into svn
for the next 2.6.18. i agree that we don't need it.

> Cheers,
> Moritz

while talking about security stuff, i'd like to see the fedora patches
that close the /dev/{k,}mem barn door pushed upstream.
afaik newer xorg no longer needs to poke randomly in there.

best regards

--
maks