Re: [Umbrella-devel] Re: Getting full path from dentry in LSM hooks

From: Alan Cox
Date: Sat Sep 04 2004 - 13:04:27 EST

Next message: Anton Blanchard: "[PATCH] Speed up oprofile buffer drain code"
Previous message: Anton Blanchard: "[PATCH] fix oprofile vfree warning on error"
In reply to: Kristian Sørensen: "Re: [Umbrella-devel] Re: Getting full path from dentry in LSM hooks"
Next in thread: Kristian SÃrensen: "Re: [Umbrella-devel] Re: Getting full path from dentry in LSM hooks"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Gwe, 2004-09-03 at 21:05, Kristian SÃrensen wrote:
> If an email client receives an malformed email (like the countless
> attacks on outlook), a simple restriction could be for the process
> handeling the mail would be "$HOME/.addressbook", furthermore, you could
> specify that attachments executed _from_ the emailprogram would not have
> access to the network. Thus the virus cannot find mail addresses to send
> itself to - and it cannot even get network access. Simple and effective.

ln /tmp/bwhahaha $HOME/.addressbook
more /tmp/bwhahaha

As the nice man from the NSA said ;) label content not paths. Use xattrs
to say "this is an addressbook" and then the path games go away.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Anton Blanchard: "[PATCH] Speed up oprofile buffer drain code"
Previous message: Anton Blanchard: "[PATCH] fix oprofile vfree warning on error"
In reply to: Kristian Sørensen: "Re: [Umbrella-devel] Re: Getting full path from dentry in LSM hooks"
Next in thread: Kristian SÃrensen: "Re: [Umbrella-devel] Re: Getting full path from dentry in LSM hooks"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]