On Wed, 2004-12-29 at 04:21 -0500, Lee Revell wrote:
> On Tue, 2004-12-28 at 23:36 -0800, Fernando Lopez-Lezcano wrote:
> > Any kernel that wants to use the realtime-lsm
> > will have to either not build the POSIX capabilities lsm, or build it as
> > a module. In the latter case the system will be vulnerable. The
> > realtime-lsm does not depend on the POSIX capabilities lsm but it forces
> > you to build it as a module, exposing the vulnerability, which maybe I
> > misunderstood as not being present if you build with the POSIX lsm into
> > the kernel (as opposed to building it as a module).
> >
> > I do understand that loading the realtime lsm only does not create a
> > vulnerability (other than well known possibilities of DOS attacks by
> > mean linux audio users :-)
>
> OK, that is a clearer explanation than mine ;-)
>
> Anyway the kernel folks don't seem worried.
>

Spoke too soon. Here's the fix:

http://lkml.org/lkml/2004/12/29/59

Lee
