On Tue, 2004-12-28 at 23:36 -0800, Fernando Lopez-Lezcano wrote: > Any kernel that wants to use the realtime-lsm > will have to either not build the POSIX capabilities lsm, or build it as > a module. In the later case the system will be vulnerable. The > realtime-lsm does not depend on the POSIX capabilities lsm but it forces > you to build it as a module, exposing the vulnerability, which maybe I > misunderstood as not being present if you build with the POSIX lsm into > the kernel (as opposed to building it as a module). > > I do understand that loading the realtime lsm only does not create a > vulnerability (other than well known possibilities of DOS attacks by > mean linux audio users :-)
OK, that is a clearer explanation than mine ;-) Anyway the kernel folks don't seem worried. Lee
