SELinux Mailing List

Re: New Apache policy

From: Tom <tom_at_lemuria.org>
Date: Tue, 29 Oct 2002 19:50:22 +0100


On Tue, Oct 29, 2002 at 07:37:10PM +0100, Russell Coker wrote:
> I suggest that you contact the Subversion developers and ask their opinion on
> what the security policy should be. Of course we won't necessarily accept
> what they say, but it will be useful to get some input from them.

That is a good idea, I will try it.

> > Also, I may think about restricting _local_ access for these tools,
> > because they are connecting outwards to potentially hacked and/or
> > malicious servers.
>
> True. Of course if you download, compile, and run code from a potentially
> hacked server then an exploit of a Subversion bug is the least of your
> worries...

Yes, but you might either not intend to run it (it may not even be something executable, I keep documentation in CVS, for example) or you may execute it in a chroot or other restricted environment (simply labeling the resulting binary with some special bin_untrusted_t might be what you prefer).

One way or the other, this is the larger question of how to deal with foreign executables and for now I'd like to leave that to the local sysadmin. He may already have a good policy in place.

-- 
http://web.lemuria.org/pubkey.html
pub  1024D/2D7A04F5 2002-05-16 Tom Vogt <tom@lemuria.org>
     Key fingerprint = C731 64D1 4BCF 4C20 48A4  29B2 BF01 9FA1 2D7A 04F5

Received on Tue 29 Oct 2002 - 14:09:29 EST
 

Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009

 

National Security Agency / Central Security Service