Bug#389282: linux-2.6: Make BSD secure levels depend on CONFIG_BROKEN
Package: linux-2.6
Severity: normal
The LSM for BSD secure levels is broken by design and unmaintained
(CVE-2005-4351 and CVE-2005-4252). It's scheduled for removal
upstream (http://lkml.org/lkml/2006/8/2/180), but hasn't been dropped
yet in 2.6.18.
While it's not enabled in the binary builds, it's selectable for
users building their own kernels. Attached you can find a patch
to make this LSM depend on BROKEN.
Cheers,
Moritz
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.17-2-686
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)
--- linux-2.6.18/security/Kconfig.orig 2006-09-25 00:18:11.000000000 +0200
+++ linux-2.6.18/security/Kconfig 2006-09-25 00:18:24.000000000 +0200
@@ -95,7 +95,7 @@
config SECURITY_SECLVL
tristate "BSD Secure Levels"
- depends on SECURITY
+ depends on SECURITY && BROKEN
select CRYPTO
select CRYPTO_SHA1
help
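Review bot: The prompt on the unchanged line tristate "BSD Secure Levels" still gives no sign that the option is unmaintained, so a user who has set BROKEN sees it offered like any other LSM. Consider appending a marker such as "(BROKEN)" to the prompt string and adding a sentence under help that points at the scheduled upstream removal. The two select lines (CRYPTO and CRYPTO_SHA1) need no change, since a select only takes effect once SECURITY_SECLVL itself is enabled.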