On Sun, 16-01-2005 at 00:31 +0100, Christian Mayrhuber wrote:
> Hi,
>
> I'm not sure if this list is the correct location to report
> but I'll try anyway.
>
> A sarge install with a kernel 2.6 does not load any
> linux security kernel modules per default, neither
> capabilities nor lsm, which is insecure.

That seems the default behavior by now, but loading the capabilities LSM without the disabling parameter will mean that SELinux or other Linux security modules won't be able to register with the LSM framework.

Also, it's not insecure, it will just lack capabilities support and handling within the LSM framework. Indeed, what other "LSMs" are you talking about?

AFAIK, Vanilla sources come with root_plug, BSD Secure Levels and SELinux, and they are not enabled at all because:

1) root_plug depends on specific hardware configuration
2) BSD Secure Levels are new from latest 2.6.10
3) SELinux is still "under deployment", so, support is there, but it's disabled until userland applications are ready and policies get well designed and tested.

If you think there's something you can do to achieve at least the 3rd point, feel free to mail me privately and I will see what we can try to do.

There's currently an already formed team of members from the Hardened Debian project and both Ubuntu Linux and Debian projects, for doing such things, the work is focused on Sid, and in the forthcoming months we will see the results, hopefully.

Cheers,
-- 
Lorenzo Hernández García-Hierro <lorenzo@gnu.org>
[1024D/6F2B2DEC] [2048g/9AE91A22]
Hardened Debian head developer & project manager