Lorenzo Hernandez Garcia-Hierro lorenzohgh at gmail.com
Tue Nov 1 12:31:29 CST 2005


Hi,

We are still working on a fix for the freeze bug, but at least I've been
able to isolate the buggy code (thanks to Herbert, Bertl on IRC). It's
related to the sysfs interfaces. Probably we'll fix it as-is or just
move to securityfs as of the changes introduced into mainline 2.6.14.

In any case, the cap_over merge is clean and working and that code has
no issues. Thus, we can start the policy work while trying to fix the
freeze bug.

Policy work involves researching on the default setuid binaries in
dapper and breezy, and creating policies for each one of them. You just
need the policy loader and cap_over LSM.

Jeff and me are going to spend time on it, so, we can have a dapper and
breezy system without setuid binaries.

I hope this is good news for all of us (and I apologize of not solving
the freeze bug, I'm working on it when I have the time but I've been
busy with other stuff). Hopefully with help from Herbert, Eugene and
Nguyen, it will get solved out soon.

At least, we can still work on the policy and avoid wasting time ;).
cap_over from upstream works fine on kernels up to 2.6.14 (mainline
tested).

Cheers,
-- 
Lorenzo Hernández García-Hierro <lorenzo at gnu.org> 
[1024D/6F2B2DEC] & [2048g/9AE91A22][http://tuxedo-es.org]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Esta parte del mensaje =?ISO-8859-1?Q?est=E1?= firmada
	digitalmente
Url : http://lists.ubuntu.com/archives/ubuntu-hardened/attachments/20051101/be636c33/attachment.pgp


More information about the ubuntu-hardened mailing list