On Saturday 26 May 2007 15:34, Alan Cox wrote:
> > As such, AA can detect whether you did exec("gzip") or exec("gunzip")
> > and apply the policy relevant to the program. It could apply different
>
> That's not actually useful for programs which link the same binary to
> multiple names because if you don't consider argv[0] as well I can run
> /usr/bin/gzip passing argv[0] of "gunzip" and get one set of policies and
> the other set of behaviour.
I partially agree. Taken together with the policy of the calling process,
things suddenly start to make more sense though (even if gzip/gunzip don't
make good examples): if only allowed to execute /usr/bin/gzip, the calling
process can still get the gunzip behavior, but it will be bound by
the /usr/bin/gzip policy.
Controlling the policy is what we really care about; this limits the allowed
behavior. We cannot really control the behavior of an application anyway
(think of bugs alone), but we can set the bounds for that behavior.
> And then we have user added hardlinks of course.
Yes, allowing confined processes to change what they are allowed to execute
under a more permissive policy is not such a good idea.
Thanks,
Andreas
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
