Re: [RFC] [PATCH] Replace security fields with hashtable

From: Valdis.Kletnieks@private
Date: Wed Oct 27 2004 - 11:10:37 PDT


On Wed, 27 Oct 2004 13:56:03 EDT, Colin Walters said:

> You can quite easily express "don't allow program to follow untrusted
> symlink" in SELinux by simply not granting it { read } permission for
> <target>:lnk_file.

Good.  Now tell me how to coerce the file labelling to set <target> to
some specified value for any symlink in a world-writable directory (taking
care to note that potentially, the dir wasn't writable when the symlink was
created, so we need to relabel all the files at chmod time...).

> By the way, I'm pretty sure your LSM is insufficient in the presence of
> ACLs.

OK.. So the directory *could* be non-world-writable but with an ACL that lets
the victim in.  If you get into this state with /tmp or /var/tmp or similar,
then you've got bigger problems anyhow.. ;)

I need to ponder it a bit more - that *should* be dealt with better...