Re: request: capabilities that allow users to drop privileges further

From: Chris Wright
Date: Tue Dec 16 2003 - 20:43:31 EST

Next message: Mike Fedyk: "[PATCH 2.4 Rmap] Add Inactive to /proc/meminfo was: Mem: and Swap: lines in /proc/meminfo"
Previous message: Felix von Leitner: "Re: request: capabilities that allow users to drop privileges further"
In reply to: Felix von Leitner: "Re: request: capabilities that allow users to drop privileges further"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* Felix von Leitner (felix-kernel@xxxxxxx) wrote:
> Imagine being able to call "gzip -dc" in a pipe and denying it write
> access to the file system, network I/O and other harmful operations.
> If programs can restrict themselves, we could write email client
> software that uses external untrusted plugins without fear of buffer
> overflows or catching yourself a root kit.

Write some SELinux policies for the email and web server that do what
you'd like. The LSM infrastructure allows you to control all these
things, and SELinux gives a configuration language to do this with.
Or you can write a simple module to do just what you'd like.

thanks,
-chris
--
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Mike Fedyk: "[PATCH 2.4 Rmap] Add Inactive to /proc/meminfo was: Mem: and Swap: lines in /proc/meminfo"
Previous message: Felix von Leitner: "Re: request: capabilities that allow users to drop privileges further"
In reply to: Felix von Leitner: "Re: request: capabilities that allow users to drop privileges further"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]