Re: Determing the difference between path_walk and chdir ?

• Previous message: Valdis.Kletnieksat_private: "Re: [Linux-security-module-commit] lsm tree change 1.220"
• In reply to: Crispin Cowan: "Re: Determing the difference between path_walk and chdir ?"
• Next in thread: Stephen Smalley: "Re: Determing the difference between path_walk and chdir ?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 26 Sep 2001 18:51:09 PDT, Crispin Cowan said:
> How about a policy that lets you execute commands in /usr/private/bin 
> but does not let you chdir to it, lest you do something naughty with "."?

Oh.. *4 watt nightlight bulb goes on*.

"lest you do something naughty with '.' that we forgot to check for in
all the OTHER policy rulesets.."

Yeah, THAT would work - I was getting hung up on the "but they cant do
anything naughty with '.' because we'll catch them when they do" concept,
and not thinking defense in depth....

/Valdis

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module

• Next message: Chris Wright: "2001_09_26 patch against 2.4.10"
• Previous message: Valdis.Kletnieksat_private: "Re: [Linux-security-module-commit] lsm tree change 1.220"
• In reply to: Crispin Cowan: "Re: Determing the difference between path_walk and chdir ?"
• Next in thread: Stephen Smalley: "Re: Determing the difference between path_walk and chdir ?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Sep 26 2001 - 19:30:32 PDT