Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks

From: Serge E. Hallyn
Date: Wed Apr 19 2006 - 07:41:18 EST

Next message: Nicolas Boichat: "[PATCH] MacBook Pro touchpad support"
Previous message: Komal Shah: "Re: RFC: rename arch/arm/mach-s3c2410 to arch/arm/mach-s3c24xx"
In reply to: Valdis . Kletnieks: "Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks"
Next in thread: Valdis . Kletnieks: "Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Quoting Valdis.Kletnieks@xxxxxx (Valdis.Kletnieks@xxxxxx):
> On Wed, 19 Apr 2006 02:40:25 EDT, Kyle Moffett said:
> > Perhaps the SELinux model should be extended to handle (dir-inode,
> > path-entry) pairs. For example, if I want to protect the /etc/shadow
> > file regardless of what tool is used to safely modify it, I would set
>
> Some of us think that the tools can protect /etc/shadow just fine on their
> own, and are concerned with rogue software that abuses /etc/shadow without
> bothering to safely modify it..

Can you rephrase this? I'm don't understand what you're saying...

My default response would have to be:

> own, and are concerned with rogue software that abuses /etc/shadow without
> bothering to safely modify it..

rogue software like vi?

thanks,
-serge
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Nicolas Boichat: "[PATCH] MacBook Pro touchpad support"
Previous message: Komal Shah: "Re: RFC: rename arch/arm/mach-s3c2410 to arch/arm/mach-s3c24xx"
In reply to: Valdis . Kletnieks: "Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks"
Next in thread: Valdis . Kletnieks: "Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]