Quoting Chris Wright <chrisat_private>:

> * dlambrouat_private (dlambrouat_private) wrote:
> > Just a quick question on the following rule:
> > 2. Trusted user, untrusted path = User is able to run the executable
> >
> > 1. Untrusted path contains untrusted code
> > 2. Trusted user has higher privileges than untrusted
> > 3. Finally an untrusted user places an untrusted
> > file into an untrusted path,
> > and what you get is an untrusted application (Trojan) to be executed by a
> > trusted user!
>
> IIRC trusted user in this case essentially means can run arbitrary
> (potentially untrusted) code.

If that's the definition then rule 2 makes sense.

Thanks

> IOW, the trusted user list should have
> no users in it by default, and is a mechanism to selectively turn off
> TPE. I'll have to go back and read about the older implementations
> though.
>
> thanks,
> -chris
> --
> Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net
>

---------------------------------------------------------
Demetrios Lambrou
http://crazylinux.net
You can always get my public key block from http://crazylinux.net/public.asc
Fingerprint: C7B3 A112 3704 7202 2B33 6B28 5418 78DD 774A 7BCB

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
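The decision discussed in this thread, as an added userspace sketch that is not code from the LSM project or from either poster: a trusted-user list that is empty by default, so rule 2 only applies to users an administrator has explicitly listed. The names `tpe_policy` and `tpe_may_exec`, the sample uid 1000, and the definition of a trusted path (directory owned by root, not writable by group or other) are assumptions made for the illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Trusted-user list; empty by default so TPE applies to every user. */
struct tpe_policy { const uid_t *trusted; size_t n_trusted; };

/* Constructed sample policies: the default, and one exempting uid 1000. */
static const uid_t sample_trusted[] = { 1000 };
const struct tpe_policy TPE_DEFAULT = { NULL, 0 };
const struct tpe_policy TPE_SAMPLE = { sample_trusted, 1 };

/* Assumption: a directory is a trusted path when root owns it and
 * neither group nor other can write to it. */
static bool tpe_dir_trusted(uid_t owner, mode_t mode)
{
    return owner == 0 && !(mode & (S_IWGRP | S_IWOTH));
}

static bool tpe_user_trusted(const struct tpe_policy *p, uid_t uid)
{
    for (size_t i = 0; i < p->n_trusted; i++)
        if (p->trusted[i] == uid)
            return true;
    return false;
}

/* Exec decision for a binary whose parent directory has this owner/mode. */
bool tpe_may_exec(const struct tpe_policy *p, uid_t uid, uid_t owner, mode_t mode)
{
    if (tpe_dir_trusted(owner, mode))
        return true;                  /* trusted path: any user may run it */
    return tpe_user_trusted(p, uid);  /* untrusted path: rule 2 users only */
}

int main(int argc, char **argv)
{
    struct stat st;
    for (int i = 1; i < argc; i++) {
        if (stat(argv[i], &st) != 0 || !S_ISDIR(st.st_mode))
            continue;                 /* skip anything that is not a directory */
        printf("%s: exec %s for uid %d under the default policy\n", argv[i],
               tpe_may_exec(&TPE_DEFAULT, getuid(), st.st_uid, st.st_mode)
                   ? "allowed" : "denied", (int)getuid());
    }
    return 0;
}
```

In this sketch uid 0 is not special-cased, so with the default empty list even root is refused in a world-writable directory; listing a uid is the only way to turn the check off for that user.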
This archive was generated by hypermail 2b30 : Wed May 14 2003 - 12:29:49 PDT