Re: [RFC] [PATCH] Replace security fields with hashtable

From: Valdis.Kletnieks@private
Date: Wed Oct 27 2004 - 14:04:00 PDT


On Wed, 27 Oct 2004 16:37:40 EDT, Colin Walters said:

> > Not "any uid 0 process" - "any process able to change ownerships/permissions/
> > contexts" :)  Also, the threat model isn't "uid 0 subverts the control", it's
> > "Joe User tricks a uid 0 process into running a /tmp-race exploit"...
> 
> With SELinux the domain would also need privileges to read temporary
> files created by the attacker.

No - that's a different attack than I'm worried about.  I'm looking at
the case of being redirected to stomp on my *own* files that I have the
privs to.  You run gcc, gcc creates a tempfile in /tmp, that accidentally
follows a symlink, and your ~/.foo file gets clobbered (yes, they fixed *that*
bug in gcc a while ago).
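
Added example, not part of the original message and not gcc's code: the tempfile clobber described above, reproduced inside a private mkdtemp() directory, with the unsafe open() beside a hardened one. The file names (dot-foo standing in for ~/.foo, cc-tmp-1234 as the predictable temp name) and the helper functions are constructed for illustration.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Unsafe: predictable name; follows an existing symlink and truncates its target. */
static int open_tmp_unsafe(const char *p) {
    return open(p, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}
/* Hardened: O_EXCL fails with EEXIST if anything (symlink included) already exists. */
static int open_tmp_safe(const char *p) {
    return open(p, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Plants a symlink at the temp name pointing at the victim file, calls `opener`
 * on the temp name, and returns the victim's size afterwards (-1 on setup error). */
long victim_size_after(int (*opener)(const char *), int *open_errno) {
    char dir[] = "/tmp/symrace-demo-XXXXXX";      /* constructed sandbox directory */
    char victim[64], tmp[64];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/dot-foo", dir);   /* stands in for ~/.foo */
    snprintf(tmp, sizeof tmp, "%s/cc-tmp-1234", dir);     /* predictable temp name */
    FILE *f = fopen(victim, "w");
    if (!f) return -1;
    fputs("precious\n", f);                               /* 9 bytes of user data */
    fclose(f);
    if (symlink(victim, tmp) != 0) return -1;
    errno = 0;
    int fd = opener(tmp);
    *open_errno = fd < 0 ? errno : 0;
    if (fd >= 0) close(fd);
    long size = stat(victim, &st) == 0 ? (long)st.st_size : -1;
    unlink(tmp); unlink(victim); rmdir(dir);
    return size;
}

int main(void) {
    int e;
    long s = victim_size_after(open_tmp_unsafe, &e);
    printf("unsafe open: victim is %ld bytes (errno %d)\n", s, e);
    s = victim_size_after(open_tmp_safe, &e);
    printf("safe open:   victim is %ld bytes (errno %d)\n", s, e);
    return 0;
}
```

Neither open() involves reading a file the other party created, which is why a policy check on read access does not cover this case; mkstemp() gives the same O_EXCL behaviour plus an unpredictable name.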






