Re: Stacking Openwall and SELinux?

From: Russell Coker (russellat_private)
Date: Mon Apr 01 2002 - 20:22:30 PST


    On Tue, 2 Apr 2002 05:03, Chris Wright wrote:
    > * Russell Coker (russellat_private) wrote:
    > > On Mon, 1 Apr 2002 22:51, Stephen Smalley wrote:
    > > > > be stacked with SELinux?  In particular, it seems like
    > > > > Openwall would be useful to stack with SELinux.
    > > >
    > > > Not currently.  At present, the SELinux security module only functions
    > > > as a primary security module and provides minimal support for using
    > > > either the dummy security module (traditional superuser logic) or the
    > > > capabilities security module as a secondary security module.  The
    > > > recommended configuration is to use SELinux with capabilities.
    > >
    > > I've just had a look at what the LSM patch provides, it seems that stack
    > > protection is not an option.   As Stephen notes the special sym-link
    > > handling for /tmp doesn't work.
    >
    > somehow i missed this.  how does the sym-link handling break?
    
    Simple, I created a symlink under /tmp to /etc/passwd, then did "cat 
    /tmp/passwd" as another user and saw the contents of the password file.  Not 
    what I wanted to happen.
    
    -- 
    If you send email to me or to a mailing list that I use which has >4 lines
    of legalistic junk at the end then you are specifically authorizing me to do
    whatever I wish with the message and all other messages from your domain, by
    posting the message you agree that your long legalistic sig is void.
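The /tmp symlink restriction discussed in the message above can be checked per directory. The following is an added example, not part of the original thread or of the Openwall or LSM code: it assumes the rule used by mainline Linux's `fs.protected_symlinks`, taken here as a model for the Openwall-style handling, and the names `may_follow` and `audit` are hypothetical.

```python
import os
import stat

# A "/tmp-like" directory is both sticky and world-writable.
STICKY_WORLD_WRITABLE = stat.S_ISVTX | stat.S_IWOTH


def may_follow(fsuid, link_uid, dir_uid, dir_mode):
    """Return True if a process running as fsuid may follow the symlink."""
    if fsuid == link_uid:
        return True   # following your own link is always allowed
    if (dir_mode & STICKY_WORLD_WRITABLE) != STICKY_WORLD_WRITABLE:
        return True   # the restriction only applies in /tmp-like directories
    return dir_uid == link_uid   # links made by the directory owner are trusted


def audit(directory, fsuid):
    """Return (name, target, link_uid, allowed) for each symlink in directory."""
    dst = os.stat(directory)
    rows = []
    with os.scandir(directory) as entries:
        for entry in entries:
            if not entry.is_symlink():
                continue
            lst = os.lstat(entry.path)   # owner of the link, not of its target
            allowed = may_follow(fsuid, lst.st_uid, dst.st_uid, dst.st_mode)
            rows.append((entry.name, os.readlink(entry.path), lst.st_uid, allowed))
    return sorted(rows)


if __name__ == "__main__":
    # Report what the current user would be allowed to follow under the rule.
    for name, target, uid, ok in audit("/tmp", os.getuid()):
        verdict = "follow" if ok else "REFUSE"
        print(f"{verdict}  {name} -> {target} (link owner uid {uid})")
```

Under this rule the case in the message (a link to /etc/passwd created in /tmp by one user and read by another) is refused; seeing the file contents means the restriction was not being enforced.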
    



    This archive was generated by hypermail 2b30 : Mon Apr 01 2002 - 20:33:52 PST