Re: [RFC] [PATCH] Replace security fields with hashtable

From: Colin Walters (walters@private)
Date: Wed Oct 27 2004 - 10:56:03 PDT

On Wed, 2004-10-27 at 13:48 -0400, Valdis.Kletnieks@private wrote:

> (It's basically Solar Designer's "Don't follow a symlink out of a o+w directory"
> patch. security_safe_symlink is a sysctl boolean).
> How do you express that as an SELinux policy?

You wouldn't express "don't follow symlink out of o+w directory"
directly in SELinux, because it's not really a security goal.  It's a
means of implementing a security goal (in this case, preventing a
program from following a potentially untrusted symlink).

You can quite easily express "don't allow program to follow untrusted
symlink" in SELinux by simply not granting it { read } permission for

By the way, I'm pretty sure your LSM is insufficient in the presence of

This archive was generated by hypermail 2.1.3 : Wed Oct 27 2004 - 10:55:58 PDT