Re: [Umbrella-devel] Re: Getting full path from dentry in LSM hooks

From: Kristian Sørensen
Date: Sat Sep 04 2004 - 13:48:38 EST


Alan Cox wrote:
> On Gwe, 2004-09-03 at 21:05, Kristian Sørensen wrote:
>
>> If an email client receives a malformed email (like the countless attacks on outlook), a simple restriction could be for the process handling the mail would be "$HOME/.addressbook", furthermore, you could specify that attachments executed _from_ the email program would not have access to the network. Thus the virus cannot find mail addresses to send itself to - and it cannot even get network access. Simple and effective.
>
> ln /tmp/bwhahaha $HOME/.addressbook
> more /tmp/bwhahaha
>
> As the nice man from the NSA said ;) label content not paths. Use xattrs
> to say "this is an addressbook" and then the path games go away.

Just as Christoph Hellwig's suggestion (in this thread), this will not work due to the placement of the LSM hooks :-) (he suggested making a "mount -o bind").

KS.
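
Added example, not part of the original message or of Umbrella: a userspace Python sketch of the "label content not paths" point from the quoted reply, comparing a rule keyed on the pathname with a rule keyed on the file object when a second hard-linked name exists. It assumes a label table keyed by (st_dev, st_ino) as a stand-in for an xattr label; the function names and file names are hypothetical, and this is not LSM hook code.

```python
import os
import tempfile


def file_id(path):
    """Identity of the object behind a name: (device, inode)."""
    st = os.stat(path)
    return (st.st_dev, st.st_ino)


def path_rule_denies(path, protected_path):
    """Path-keyed rule: deny only if the requested name is the protected name."""
    return os.path.abspath(path) == os.path.abspath(protected_path)


def label_rule_denies(path, labels):
    """Object-keyed rule: deny if the file behind the name carries the label.

    `labels` stands in for an xattr stored on the inode (assumption).
    """
    return labels.get(file_id(path)) == "addressbook"


def demo():
    """Build a constructed address book plus a hard-linked alias and
    report what each rule decides for each name."""
    with tempfile.TemporaryDirectory() as d:
        book = os.path.join(d, ".addressbook")
        alias = os.path.join(d, "alias")
        with open(book, "w") as f:
            f.write("alice@example.invalid\n")  # constructed sample entry
        os.link(book, alias)  # second name, same inode

        labels = {file_id(book): "addressbook"}
        return {
            "same_object": os.path.samefile(book, alias),
            "path_rule_original": path_rule_denies(book, book),
            "path_rule_alias": path_rule_denies(alias, book),
            "label_rule_original": label_rule_denies(book, labels),
            "label_rule_alias": label_rule_denies(alias, labels),
        }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The path-keyed rule denies the original name but not the alias, while the label-keyed rule denies both because the label travels with the inode rather than with any one name.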