Re: New module: tpe

• Previous message: Valdis.Kletnieksat_private: "Re: New module: tpe"
• Maybe in reply to: Niki Rahimi: "New module: tpe"
• Next in thread: Valdis.Kletnieksat_private: "Re: New module: tpe"
• Next in thread: Niki Rahimi: "Re: New module: tpe"
• Reply: Valdis.Kletnieksat_private: "Re: New module: tpe"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Valdis wrote:

>The problem with this check is that you can still have a problem if (for
>instance)  /usr/bin is mode 755 owned root/system, but /usr is mode 775.
>This allows a privilege escalation under some circumstances - the proper
>check is "entire chain of directories from / to here".

Thanks for the feedback Valdis. I decided not to stray from the original
TPE project for OpenBSD and thus this is the current situation. I will
definitely put your idea on an enhancement list for the project.

-Niki


Niki A. Rahimi
LTC Security Development
narahimiat_private
(512)838-5399


_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module

• Next message: Niki Rahimi: "Re: New module: tpe"
• Previous message: Valdis.Kletnieksat_private: "Re: New module: tpe"
• Maybe in reply to: Niki Rahimi: "New module: tpe"
• Next in thread: Valdis.Kletnieksat_private: "Re: New module: tpe"
• Next in thread: Niki Rahimi: "Re: New module: tpe"
• Reply: Valdis.Kletnieksat_private: "Re: New module: tpe"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed May 14 2003 - 11:23:56 PDT