On Sat, 26 May 2007 15:58:50 PDT, Casey Schaufler said: > Fair enough, I don't believe that an argv[0] check ought to > be used as a security mechanism. I am not convinced that everyone > would agree with us. Having seen my share of argv[0]-related security bugs in my years, I have to agree that it's a security crock. As to why some might not agree, you already put your finger on it earlier: On Fri, 25 May 2007 12:06:19 PDT, Casey Schaufler said: > nefarious schemes. Remember that security is a subjective thing, and > using argv[0] and AppArmor together might make some people feel better. Some people would rather just feel better...
Attachment:
pgpnLwxrYtryZ.pgp
Description: PGP signature
- References:
- Re: [AppArmor 01/41] Pass struct vfsmount to the inode_create LSM hook
- From: Casey Schaufler <[email protected]>
- Re: [AppArmor 01/41] Pass struct vfsmount to the inode_create LSM hook
- Prev by Date: Re: [ckrm-tech] [RFC] [PATCH 0/3] Add group fairness to CFS
- Next by Date: Re: [PATCH, RFT, v4] sata_mv: convert to new EH
- Previous by thread: Re: [AppArmor 01/41] Pass struct vfsmount to the inode_create LSM hook
- Next by thread: Re: [AppArmor 01/41] Pass struct vfsmount to the inode_create LSM hook
- Index(es):