On Mon, Jan 16, 2006 at 06:10:53PM -0500, cxzhang wrote:
>
> This patch contains a fix for the previous patch that adds security
> contexts to IPsec policies and security associations. In the previous
> patch, no authorization (besides the check for write permissions to
> SAD and SPD) is required to delete IPsec policies and security
> associations with security contexts. Thus a user authorized to change
> SAD and SPD can bypass the IPsec policy authorization by simply
> deleting policies with security contexts. To fix this security hole,
> an additional authorization check is added for removing security
> policies and security associations with security contexts.

Perhaps I'm missing something. But I thought only root can modify the
SAD/SPD?

--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <[EMAIL PROTECTED]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt