Security Enhanced Linux
What's New
Frequently Asked Questions
Background
Documents
License
Download
Participating
Mail List
Archives
Remaining Work
Contributors
Related Work
Press Releases
Information Assurance Research
NIARL In-house Research Areas
Mathematical Sciences Program
Sabbaticals
Computer & Information Sciences Research
Technology Transfer
Advanced Computing
Advanced Mathematics
Communications & Networking
Information Processing
Microelectronics
Other Technologies
Technology Fact Sheets
Publications
Related Links
|
SELinux Mailing ListRe: dynamic context transitions
From: Valdis.Kletnieks_at_vt.edu
Date: Tue, 02 Nov 2004 14:30:26 -0500
> any process which uses either mls_upgrade or mls_downgrade must contain Right so far - if it isn't dragging a resource along, there's no point to doing the up/downgrade call.
> by exec()'ing a process, that just simply cannot occur: the Not true at all - just because the only things passed to the execve() syscall are the argv[] and envp[] arrays doesn't mean that it's the only resources passed to the post-exec code:
And probably a bunch of other stuff I'm forgetting. There's PLENTY of places to accidentally leak stuff up/down across an exec() call....
-- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.Received on Tue 2 Nov 2004 - 14:30:50 EST |
|
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009 |