Re: TOMOYO in linux-next

[Pavel Machek]

On Fri 2009-03-27 14:04:32, Bodo Eggert wrote:
> On Fri, 27 Mar 2009, Pavel Machek wrote:
> > On Fri 2009-03-27 10:28:07, Bodo Eggert wrote:
> > > Pavel Machek <pavel@xxxxxx> wrote:
> 
> > > > I don't think merging that is good idea. Security should be doable
> > > > without making shell-like glob matching...
> > > 
> > > How do you suppose a security system should handle mozilla modifying
> > > ~/.bashrc differently from downloading something to ~/pr0n.jpg?
> > 
> > How does shell-like glob matching help there? You'd need to parse
> > /etc/passwd to find all ~ directories...
> 
> That is, if you'd use HOME=`dd if=/dev/urandom ...`.
> 
> If you have your users in /home/user, you can tell /home/*/.*
> is bad, /home/*/[^.]* is OK.

On the common systems I know of, homes are spread over different
volumes and different directories. TOMOYO's wildcards do _not_ solve
this particular problems.

> How would you exclude mozilla from writing to .* then? ".a" is bad,
> ".b" is bad ...? or "A" is OK, "a" is OK, "zzzzzzzzzzzzz" is OK"?
> Either way, you'd need several universes to store the security profile.

What is magic about .* files? I want mozilla to store the pictures as
.naughty.picture.jpg -- I don't see anything wrong with that.
									Pavel
-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/