
Bug#389282: linux-2.6: Make BSD secure levels depend on CONFIG_BROKEN



Package: linux-2.6
Severity: normal

The LSM for BSD secure levels is broken by design and unmaintained
(CVE-2005-4351 and CVE-2005-4252). It's scheduled for removal
upstream (http://lkml.org/lkml/2006/8/2/180), but hasn't been dropped
yet in 2.6.18.

While it's not enabled in the binary builds, it's selectable for
users building their own kernels. Attached you can find a patch
to make this LSM depend on BROKEN.

Cheers,
        Moritz

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.17-2-686
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)
--- linux-2.6.18/security/Kconfig.orig	2006-09-25 00:18:11.000000000 +0200
+++ linux-2.6.18/security/Kconfig	2006-09-25 00:18:24.000000000 +0200
@@ -95,7 +95,7 @@
 
 config SECURITY_SECLVL
 	tristate "BSD Secure Levels"
-	depends on SECURITY
+	depends on SECURITY && BROKEN
 	select CRYPTO
 	select CRYPTO_SHA1
 	help
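Review bot: The new `depends on SECURITY && BROKEN` line hides SECURITY_SECLVL from anyone who has not set BROKEN, but nothing in the visible entry says why. The prompt is still plain "BSD Secure Levels" and no comment was added. I would put a short Kconfig comment above `config SECURITY_SECLVL`, or a sentence at the top of the help text, stating that the module is unmaintained and scheduled for removal, so someone who enables BROKEN for an unrelated reason does not select it by accident. The two `select CRYPTO` and `select CRYPTO_SHA1` lines are untouched and are fine as they are, since they only take effect once the option is selectable again.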
