On Wed, 27 Oct 2004 16:37:40 EDT, Colin Walters said:

> > Not "any uid 0 process" - "any process able to change ownerships/permissions/
> > contexts" :) Also, the threat model isn't "uid 0 subverts the control", it's
> > "Joe User tricks a uid 0 process into running a /tmp-race exploit"...
>
> With SELinux the domain would also need privileges to read temporary
> files created by the attacker.

No - that's a different attack than I'm worried about. I'm looking at the case of being redirected to stomp on my *own* files that I have the privs to. You run gcc, gcc creates a tempfile in /tmp, that accidentally follows a symlink, and your ~/.foo file gets clobbered (yes, they fixed *that* bug in gcc a while ago).
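
The clobbering case described in the message above, as an added example that is not part of the original post and is not gcc's code: a temp-file create that follows a pre-existing symlink, beside the `O_EXCL` form that refuses it. The function names and the file names `dotfile` (standing in for `~/.foo`) and `cc.tmp` are constructed, and everything runs inside a private `mkdtemp()` directory.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Predictable-name creation: O_CREAT without O_EXCL follows an existing
 * symlink and O_TRUNC empties whatever file it points at. */
static int unsafe_create(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened: with O_CREAT|O_EXCL, open() fails with EEXIST if anything,
 * including a symlink, already exists at the path. mkstemp() does the same. */
static int safe_create(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Constructed scenario: the temp name is already a symlink to the user's own
 * file when the tool creates it. Returns 1 if the file kept its contents,
 * 0 if it was clobbered, -1 if the sandbox could not be set up. */
static int dotfile_survives(int (*create)(const char *)) {
    char dir[] = "/tmp/symlink-demo-XXXXXX", victim[64], tmp[64];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/dotfile", dir);
    snprintf(tmp, sizeof tmp, "%s/cc.tmp", dir);
    FILE *f = fopen(victim, "w");
    if (!f) return -1;
    fputs("precious settings\n", f);
    fclose(f);
    if (symlink(victim, tmp) != 0) return -1;
    int fd = create(tmp);              /* the tool's temp-file creation step */
    if (fd >= 0) close(fd);
    int intact = (stat(victim, &st) == 0 && st.st_size > 0);
    unlink(tmp); unlink(victim); rmdir(dir);
    return intact;
}

int main(void) {
    printf("plain O_CREAT: dotfile intact = %d\n", dotfile_survives(unsafe_create));
    printf("O_CREAT|O_EXCL: dotfile intact = %d\n", dotfile_survives(safe_create));
    return 0;
}
```

Access-control checks on the target do not help in this case because the process doing the write already has permission to the file; the protection comes from refusing to reuse an existing name.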
This archive was generated by hypermail 2.1.3 : Wed Oct 27 2004 - 14:04:36 PDT