Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks

From: Valdis . Kletnieks
Date: Wed Apr 19 2006 - 11:51:43 EST

Next message: Arkadiusz Miskiewicz: "Re: sata suspend resume ..."
Previous message: Greg KH: "Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks"
In reply to: Serge E. Hallyn: "Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks"
Next in thread: Gene Heskett: "Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 19 Apr 2006 06:41:06 CDT, "Serge E. Hallyn" said:
> Quoting Valdis.Kletnieks@xxxxxx (Valdis.Kletnieks@xxxxxx):
> > On Wed, 19 Apr 2006 02:40:25 EDT, Kyle Moffett said:
> > > Perhaps the SELinux model should be extended to handle (dir-inode,
> > > path-entry) pairs. For example, if I want to protect the /etc/shadow
> > > file regardless of what tool is used to safely modify it, I would set
> >
> > Some of us think that the tools can protect /etc/shadow just fine on their
> > own, and are concerned with rogue software that abuses /etc/shadow without
> > bothering to safely modify it..
>
> Can you rephrase this? I'm don't understand what you're saying...
>
> My default response would have to be:
>
> > own, and are concerned with rogue software that abuses /etc/shadow without
> > bothering to safely modify it..
>
> rogue software like vi?

Close enough. I was actually thinking of a script kiddie with a canned tool
that does 'echo foo::0:0: >> /etc/passwd' type stuff, but vi without its vipw
component would count too....

Attachment: pgp00000.pgp
Description: PGP signature

Next message: Arkadiusz Miskiewicz: "Re: sata suspend resume ..."
Previous message: Greg KH: "Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks"
In reply to: Serge E. Hallyn: "Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks"
Next in thread: Gene Heskett: "Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]