Russell Coker wrote:

>On Tue, 2 Apr 2002 05:03, Chris Wright wrote:
>
>>somehow i missed this. how does the sym-link handling break?
>>
>Simple, I created a symlink under /tmp to /etc/passwd, then did "cat
>/tmp/passwd" as another user and saw the contents of the password file. Not
>what I wanted to happen.
>

That is not what the OWLSM module is supposed to do. It has two protections:

  * Hard links: processes may not make hard links to files they do not
    have write access to
  * Sym links: root processes may not follow symlinks that are not owned
    by root

Your test above does not violate these policies.

Crispin

-- 
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc. http://wirex.com
Security Hardened Linux Distribution: http://immunix.org
Available for purchase: http://wirex.com/Products/Immunix/purchase.html
This archive was generated by hypermail 2b30 : Mon Apr 01 2002 - 20:50:23 PST