On Wed, 19 Apr 2006 06:41:06 CDT, "Serge E. Hallyn" said: > Quoting [email protected] ([email protected]): > > On Wed, 19 Apr 2006 02:40:25 EDT, Kyle Moffett said: > > > Perhaps the SELinux model should be extended to handle (dir-inode, > > > path-entry) pairs. For example, if I want to protect the /etc/shadow > > > file regardless of what tool is used to safely modify it, I would set > > > > Some of us think that the tools can protect /etc/shadow just fine on their > > own, and are concerned with rogue software that abuses /etc/shadow without > > bothering to safely modify it.. > > Can you rephrase this? I'm don't understand what you're saying... > > My default response would have to be: > > > own, and are concerned with rogue software that abuses /etc/shadow without > > bothering to safely modify it.. > > rogue software like vi? Close enough. I was actually thinking of a script kiddie with a canned tool that does 'echo foo::0:0: >> /etc/passwd' type stuff, but vi without its vipw component would count too....
Attachment:
pgp8qE5x4jdwQ.pgp
Description: PGP signature
- References:
- Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks
- From: Casey Schaufler <[email protected]>
- Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks
- From: Kyle Moffett <[email protected]>
- Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks
- From: [email protected]
- Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks
- From: "Serge E. Hallyn" <[email protected]>
- Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks
- Prev by Date: Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks
- Next by Date: Re: sata suspend resume ...
- Previous by thread: Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks
- Next by thread: Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks
- Index(es):
 |