Re: [PATCH] Enhanced Trusted Path Execution (TPE) Linux Security Module

From: Lorenzo Hernández García-Hierro
Date: Thu Jan 06 2005 - 13:17:31 EST


Hi Felipe,

On Thu, 06-01-2005 at 19:00 +0100, Felipe Alfaro Solana wrote:
> On 6 Jan 2005, at 15:50, Lorenzo Hernández García-Hierro wrote:
>
> >> The two biggest issues are 1) it's trivial to bypass:
> >> $ /lib/ld.so /untrusted/path/to/program
> >> and 2) that there's no (visible/vocal) user base calling for the
> >> feature.
> >
> > About point 1), yesterday I wrote just a simple regression test
> > (that can be found at the same place as the patch) and of course it
> > bypasses; this is an old, commented problem. Stephen suggested the use
> > of the mmap and mprotect hooks, so I will have a look at them, but I'm
> > not sure how to (really) prevent the dirty, old trick.
> > About 2), just give it a chance, maybe it's useful and my work is not
> > complete nonsense.
>
> Well, I'm not a visible/vocal user base, but I do really like this TPE
> LSM module.

Thanks :)
I hope you will like the revision I'm coding right now much more.
Tonight, my queue is a bit overloaded; I need to fix some things in the
SELinux 2.4 backport, but I hope I will finish it today as it doesn't
require a lot of time.

Cheers,
--
Lorenzo Hernández García-Hierro <lorenzo@xxxxxxx> [1024D/6F2B2DEC]
[2048g/9AE91A22] Hardened Debian head developer & project manager

Attachment: signature.asc
Description: This part of the message is digitally signed