Security Enhanced Linux
What's New
Frequently Asked Questions
Background
Documents
License
Download
Participating
Mail List
Archives
Remaining Work
Contributors
Related Work
Press Releases
Information Assurance Research
NIARL In-house Research Areas
Mathematical Sciences Program
Sabbaticals
Computer & Information Sciences Research
Technology Transfer
Advanced Computing
Advanced Mathematics
Communications & Networking
Information Processing
Microelectronics
Other Technologies
Technology Fact Sheets
Publications
Related Links
|
SELinux Mailing ListRe: Desktop apps interoperability
From: Tom <tom_at_lemuria.org>
Date: Mon, 28 Mar 2005 17:47:54 +0200
Not so sure about the pointlessness here. The point is that it makes it more difficult to leverage exploits. Maybe I can break into Firefox, but with that in place I can't jump from there to mplayer by forcing it to play something I know will break it. Lots and lots of system compromises I know about took more than one exploit and more than one program needed to be broken. Nevertheless, an explicit "good file" filter is certainly added value. It doesn't have to be a full-blown virus scanner - on a proper SELinux system I would expect any unexpected behaviour in mplayer to be contained. Nevertheless, the filter should at least check whether the data in question is what it claims to be. No need to port the nightmare of .doc files that really are .exe or whatever to Linux. -- http://web.lemuria.org/pubkey.html pub 1024D/2D7A04F5 2002-05-16 Tom Vogt <tom@lemuria.org> Key fingerprint = C731 64D1 4BCF 4C20 48A4 29B2 BF01 9FA1 2D7A 04F5 -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.Received on Mon 28 Mar 2005 - 10:48:00 EST |
|
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009 |