From: Christoph Hellwig <hch@infradead.org>
To: Valdis.Kletnieks@vt.edu
Cc: linux-kernel@vger.kernel.org, linux-security-module@wirex.com
Subject: Re: [RFC] LSM changes for 2.5.38
Date: Fri, 27 Sep 2002 19:59:19 +0100 [thread overview]
Message-ID: <20020927195919.A4635@infradead.org> (raw)
In-Reply-To: <200209271854.g8RIsPe6002510@turing-police.cc.vt.edu>; from Valdis.Kletnieks@vt.edu on Fri, Sep 27, 2002 at 02:54:25PM -0400
On Fri, Sep 27, 2002 at 02:54:25PM -0400, Valdis.Kletnieks@vt.edu wrote:
> By the same token, at that point you can download the kernel source and
> build it without LSM. What I showed was a way to bypass the iptables
> rules set up *WITHOUT REPLACING A MODULE* (which might be detected by
> tripwire, or totally refused because the LSM rejects any writes in /lib/modules).
insmod doesn't require modules to be in /lib/modules. Anyway I could even change
the device name _after_ it was loaded. this is linux and not BSD..
Given that we really want to fine-grained control who's netdevice can get what
names we'd` better place a hook in dev_alloc_name.
And that's my whole point: LSM adds random hooks all over the place without
even thinking what they intend to protect.
next prev parent reply other threads:[~2002-09-27 18:54 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2002-09-27 4:32 [RFC] LSM changes for 2.5.38 Christoph Hellwig
2002-09-26 22:51 ` Greg KH
2002-09-27 16:48 ` Christoph Hellwig
2002-09-27 16:55 ` Greg KH
2002-09-27 17:01 ` Christoph Hellwig
2002-09-27 17:24 ` Greg KH
2002-09-27 12:09 ` Stephen Smalley
2002-09-27 16:34 ` Greg KH
2002-09-27 16:55 ` Christoph Hellwig
2002-09-27 18:09 ` Valdis.Kletnieks
2002-09-27 18:19 ` Christoph Hellwig
2002-09-27 18:54 ` Valdis.Kletnieks
2002-09-27 18:59 ` Christoph Hellwig [this message]
2002-09-30 14:19 ` Valdis.Kletnieks
2002-09-30 14:51 ` Alan Cox
2002-10-01 16:55 ` Christoph Hellwig
2002-10-02 17:55 ` Valdis.Kletnieks
2002-10-02 18:39 ` Christoph Hellwig
2002-10-02 22:55 ` Seth Arnold
2002-10-02 23:07 ` Alan Cox
2002-09-27 19:00 ` Stephen Smalley
2002-10-01 17:06 ` Christoph Hellwig
2002-09-30 9:08 ` Chris Wright
-- strict thread matches above, loose matches on Subject: below --
2002-09-26 20:25 Greg KH
2002-09-26 20:26 ` Greg KH
2002-09-26 20:27 ` Greg KH
2002-09-26 20:28 ` Greg KH
2002-09-26 20:28 ` Greg KH
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20020927195919.A4635@infradead.org \
--to=hch@infradead.org \
--cc=Valdis.Kletnieks@vt.edu \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@wirex.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.