Re: Upstream first policy

From: Florian Mickler
Date: Tue Mar 09 2010 - 12:15:20 EST

Next message: Florian Mickler: "Re: opendir() on a file???"
Previous message: Randy Dunlap: "Re: Linux 2.6.34-rc1"
In reply to: Eric Paris: "Re: Upstream first policy"
Next in thread: Alan Cox: "Re: Upstream first policy"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 8 Mar 2010 18:18:21 -0500
Eric Paris <eparis@xxxxxxxxxxxxxx> wrote:

> You do realize that with content based security systems the pathnames
> aren't important and you could implement your example patch? Sure a
> user could mount something on /lib and put their own files there, but
> since that user couldn't get them labelled correctly the suid app
> would not be able to use them and would fail. Users would have new
> and interesting way to break their computers!

but isn't that why a pathname based protect of /lib would be better? so
that users couldn't break their system?

>I thank you for your
> vote for content based security systems instead of pathname systems
> and look forward to your future contributions to either that body of
> knowledge or the bridging of the gap between the two *smile*
>
> -Eric

i interpret it not this way. but i'm an amateur securita :)

cheers,
Flo

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Florian Mickler: "Re: opendir() on a file???"
Previous message: Randy Dunlap: "Re: Linux 2.6.34-rc1"
In reply to: Eric Paris: "Re: Upstream first policy"
Next in thread: Alan Cox: "Re: Upstream first policy"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]