On Tue, 2 Apr 2002 05:03, Chris Wright wrote: > * Russell Coker (russellat_private) wrote: > > On Mon, 1 Apr 2002 22:51, Stephen Smalley wrote: > > > > be stacked with SELinux? In particular, it seems like > > > > Openwall would be useful to stack with SELinux. > > > > > > Not currently. At present, the SELinux security module only functions > > > as a primary security module and provides minimal support for using > > > either the dummy security module (traditional superuser logic) or the > > > capabilities security module as a secondary security module. The > > > recommended configuration is to use SELinux with capabilities. > > > > I've just had a look at what the LSM patch provides, it seems that stack > > protection is not an option. As Stephen notes the special sym-link > > handling for /tmp doesn't work. > > somehow i missed this. how does the sym-link handling break? Simple, I created a symlink under /tmp to /etc/passwd, then did "cat /tmp/passwd" as another user and saw the contents of the password file. Not what I wanted to happen. -- If you send email to me or to a mailing list that I use which has >4 lines of legalistic junk at the end then you are specifically authorizing me to do whatever I wish with the message and all other messages from your domain, by posting the message you agree that your long legalistic sig is void. _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Mon Apr 01 2002 - 20:33:52 PST