Re: mprotect abuse in slim

From: Pavel Machek
Date: Fri Jan 12 2007 - 06:03:00 EST

Next message: Pavel Machek: "unionfs unusable on multiuser systems (was Re: [PATCH 01/24] Unionfs: Documentation)"
Previous message: Jan Engelhardt: "Re: How can I create or read/write a file in linux device driver?"
In reply to: Mimi Zohar: "Re: mprotect abuse in slim"
Next in thread: Mimi Zohar: "Re: mprotect abuse in slim"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi!

> SLIM implements dynamic process labels, so when a process
> is demoted, we must be able to revoke write access to some
> resources to which it has previously valid handles.
> For example, if a shell reads an untrusted file, the
> shell is demoted, and write access to more trusted files
> revoked. Based on previous comments on lkml, we understand
> that this is not really possible in general, so SLIM only
> attempts to revoke access in certain simple cases.

Are you saying that SLIM is useless by design because interested
parties can work around it?
Pavel
--
Thanks for all the (sleeping) penguins.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Pavel Machek: "unionfs unusable on multiuser systems (was Re: [PATCH 01/24] Unionfs: Documentation)"
Previous message: Jan Engelhardt: "Re: How can I create or read/write a file in linux device driver?"
In reply to: Mimi Zohar: "Re: mprotect abuse in slim"
Next in thread: Mimi Zohar: "Re: mprotect abuse in slim"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]