> file has b0rked many a set-UID program. (yes, this is still a problem with
> enough software that the grsecurity patch includes a 'force 0/1/2 to /dev/null
> if not open' section).

That behavior might well be worth emulating. (or implementing as part of another lsm?)

> Likewise, I can't convince myself that the fact that a given dentry can be either
> on the read exception list or execute exception list, but not both, isn't a whoops
> waiting to happen.

That is easy enough to fix, but at a (perhaps very minor) performance hit. I'm undecided as to whether that would be a good thing. It seems to perhaps be tempting the administrator into using this module too generally?

> Similarly for the inheritance to subdirectories - is there
> an easy way to say "/foo is on the read exception list, and /foo/a, /foo/b, and
> /foo/d are, but /foo/c is *NOT*"? (This becomes important for things like /usr/lib,
> where many systems store mixes of binaries, shared libs, and data).

That seems to be outside the scope of the module.
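The "force 0/1/2 to /dev/null if not open" idea mentioned above can also be applied in user space at the start of a privileged program. The following is an added example, not code from this thread or from the grsecurity patch; the function names `sanitize_std_fds` and `fd_is_dev_null` are hypothetical.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Returns 1 if fd is open and is the same character device as /dev/null. */
int fd_is_dev_null(int fd)
{
    struct stat a, b;
    if (fstat(fd, &a) != 0 || stat("/dev/null", &b) != 0)
        return 0;
    return S_ISCHR(a.st_mode) && a.st_rdev == b.st_rdev;
}

/* Ensure descriptors 0, 1 and 2 are open before the program opens anything
 * else. Returns the number of descriptors repaired, or -1 on failure.
 * Assumes it runs single-threaded, first thing in main(). */
int sanitize_std_fds(void)
{
    int repaired = 0;
    for (int fd = 0; fd <= 2; fd++) {
        if (fcntl(fd, F_GETFD) != -1)
            continue;                 /* descriptor is already open */
        if (errno != EBADF)
            return -1;                /* unexpected error: fail closed */
        /* open() returns the lowest free descriptor; 0..fd-1 are known to
         * be open at this point, so the result must be exactly fd. */
        int nfd = open("/dev/null", O_RDWR);
        if (nfd < 0)
            return -1;
        if (nfd != fd) {
            close(nfd);
            return -1;
        }
        repaired++;
    }
    return repaired;
}

int main(void)
{
    close(STDIN_FILENO);  /* constructed scenario: started without stdin */
    int n = sanitize_std_fds();
    if (n < 0)
        _exit(111);       /* refuse to continue with a missing std fd */
    fprintf(stderr, "repaired %d descriptor(s)\n", n);
    return 0;
}
```

Without this check, the first file the program opens would be assigned the missing descriptor number, and anything later written to stdout or stderr would land in that file.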
This archive was generated by hypermail 2b30 : Tue Nov 11 2003 - 06:47:30 PST