Re: [PATCH v18 01/15] Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execvefrom granting privs

From: James Morris
Date: Fri Apr 13 2012 - 00:35:56 EST

Next message: Andy Lutomirski: "Re: [PATCH v18 01/15] Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execvefrom granting privs"
Previous message: Andrew Lutomirski: "Re: [PATCH v18 01/15] Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execvefrom granting privs"
In reply to: Andrew Lutomirski: "Re: [PATCH v18 01/15] Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execvefrom granting privs"
Next in thread: Andy Lutomirski: "Re: [PATCH v18 01/15] Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execvefrom granting privs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 12 Apr 2012, Andrew Lutomirski wrote:

> > What about dynamic transitions in SELinux ?
> >
>
> What's a dynamic transition?

The security label can be changed without an exec:

See selinux_setprocattr(), for "current".

- James
--
James Morris
<jmorris@xxxxxxxxx>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Andy Lutomirski: "Re: [PATCH v18 01/15] Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execvefrom granting privs"
Previous message: Andrew Lutomirski: "Re: [PATCH v18 01/15] Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execvefrom granting privs"
In reply to: Andrew Lutomirski: "Re: [PATCH v18 01/15] Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execvefrom granting privs"
Next in thread: Andy Lutomirski: "Re: [PATCH v18 01/15] Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execvefrom granting privs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]