[d-kernel] [PATCH v5] AltHa: handle setcap binaries in the same way as setuid ones
Vitaly Chikunov
vt на altlinux.org
Пн Май 30 18:11:25 MSK 2022
Vladimir,
On Mon, May 30, 2022 at 02:48:56PM +0300, Vladimir D. Seleznev wrote:
> On Mon, May 23, 2022 at 01:44:04PM +0000, Vladimir D. Seleznev wrote:
> > altha.nosuid facility controls what binaries can raise user privilleges.
> > Prior to this commit it only handled setuid binaries, but it was still
> > possible to raise privilleges via setcaps. Now it handles both setuid
> > and setcap binaries.
> >
> > Signed-off-by: Vladimir D. Seleznev <vseleznv at altlinux.org>
> > ---
> > Documentation/admin-guide/LSM/AltHa.rst | 6 ++--
> > security/altha/Kconfig | 2 +-
> > security/altha/altha_lsm.c | 47 ++++++++++++++++++++-----
> > 3 files changed, 43 insertions(+), 12 deletions(-)
> >
>
> Ping
What about tests?
ps. I also have additional thoughts about this protection concept itself.
>
> --
> WBR,
> Vladimir D. Seleznev
> _______________________________________________
> devel-kernel mailing list
> devel-kernel at lists.altlinux.org
> https://lists.altlinux.org/mailman/listinfo/devel-kernel
Подробная информация о списке рассылки devel-kernel