Security Enhanced Linux
SELinux Mailing List
Re: Proposed policy feature: $1_domain attribute
From: Thomas Bleher <bleher_at_informatik.uni-muenchen.de>
Date: Tue, 1 Mar 2005 16:12:07 +0100
Yes. can_ps() might be OK, but can_ptrace() is too much. With ptrace,
users have complete control over derived domains. I do not think we want
that. An example: I'd like to have a version of gpg without
--export-secret-keys. Together with SELinux it then becomes very hard to
steal the secret key, even from a compromised program in user_t. Your
change would compromise this.
Thomas
--
http://www.cip.ifi.lmu.de/~bleher/selinux/ - my SELinux pages
GPG-Fingerprint: BC4F BB16 30D6 F253 E3EA D09E C562 2BAE B2F4 ABE7
Received on Tue 1 Mar 2005 - 10:15:42 EST
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009