Package: linux-2.6
Severity: normal

The LSM for BSD secure levels is broken by design and unmaintained (CVE-2005-4351 and CVE-2005-4252). It's scheduled for removal upstream (http://lkml.org/lkml/2006/8/2/180), but hasn't been dropped yet in 2.6.18.
While it's not enabled in the binary builds, it's selectable for users building their own kernels. Attached you can find a patch to make this LSM depend on BROKEN.

Cheers,
Moritz

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.17-2-686
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)

--- linux-2.6.18/security/Kconfig.orig 2006-09-25 00:18:11.000000000 +0200 +++ linux-2.6.18/security/Kconfig 2006-09-25 00:18:24.000000000 +0200 @@ -95,7 +95,7 @@ config SECURITY_SECLVL tristate "BSD Secure Levels" - depends on SECURITY + depends on SECURITY && BROKEN select CRYPTO select CRYPTO_SHA1 help
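
Review bot: In the "config SECURITY_SECLVL" entry, the "depends on" line is the only thing that changes, so the prompt "BSD Secure Levels" is unchanged, the help block is not touched, and nothing in Kconfig itself records why the option is now gated behind BROKEN. Consider adding a short comment above the "depends on SECURITY && BROKEN" line, or a sentence in the help text, pointing to the two CVEs and the upstream removal plan cited in the report, so that the dependency is not dropped again by someone who only sees that the module still builds. The patch also carries no description of its own; a one-line summary above the "---" header would let it stand alone once it is detached from this bug report.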