Stephen Smalley wrote:
On Wed, 2007-06-13 at 23:22 +0900, Toshiharu Harada wrote:
2007/6/13, Stephen Smalley [EMAIL PROTECTED]:
On Wed, 2007-06-13 at 17:13 +0900, Toshiharu Harada wrote:
Here are examples:
/bin/bash process invoked from mingetty: /sbin/mingetty /bin/bash
/bin/bash process
Hello.
I just now made demo movies how TOMOYO Linux looks like.
http://tomoyo.sourceforge.jp/data/CentOS5-install.avi is
a movie that demonstrates how to install TOMOYO Linux 1.4.1 on CentOS 5.
http://tomoyo.sourceforge.jp/data/CentOS5-learning.avi is
a movie that demonstrates how the TOMOYO
--- Stephen Smalley [EMAIL PROTECTED] wrote:
On Fri, 2007-06-15 at 11:01 -0700, Casey Schaufler wrote:
--- Greg KH [EMAIL PROTECTED] wrote:
A daemon using inotify can instantly[1] detect this and label the file
properly if it shows up.
In our 1995 B1 evaluation of Trusted
On Fri, Jun 15, 2007 at 10:06:23PM +0200, Pavel Machek wrote:
Hi!
And before you scream races, take a look. It does not actually add
them:
Hey, I never screamed that at all, in fact, I completly agree with you
:)
I agree that the in-kernel implementation could use different
On Fri, Jun 15, 2007 at 01:43:31PM -0700, Casey Schaufler wrote:
Yup, I see that once you accept the notion that it is OK for a
file to be misslabeled for a bit and that having a fixxerupperd
is sufficient it all falls out.
My point is that there is a segment of the security community
On Fri, 2007-06-15 at 14:14 -0700, Greg KH wrote:
On Fri, Jun 15, 2007 at 01:43:31PM -0700, Casey Schaufler wrote:
Yup, I see that once you accept the notion that it is OK for a
file to be misslabeled for a bit and that having a fixxerupperd
is sufficient it all falls out.
My point
On Fri, Jun 15, 2007 at 05:28:35PM -0400, Karl MacMillan wrote:
On Fri, 2007-06-15 at 14:14 -0700, Greg KH wrote:
On Fri, Jun 15, 2007 at 01:43:31PM -0700, Casey Schaufler wrote:
Yup, I see that once you accept the notion that it is OK for a
file to be misslabeled for a bit and that
On Fri, 2007-06-15 at 14:44 -0700, Greg KH wrote:
On Fri, Jun 15, 2007 at 05:28:35PM -0400, Karl MacMillan wrote:
On Fri, 2007-06-15 at 14:14 -0700, Greg KH wrote:
On Fri, Jun 15, 2007 at 01:43:31PM -0700, Casey Schaufler wrote:
Yup, I see that once you accept the notion that it is
--- Greg KH [EMAIL PROTECTED] wrote:
On Fri, Jun 15, 2007 at 01:43:31PM -0700, Casey Schaufler wrote:
Yup, I see that once you accept the notion that it is OK for a
file to be misslabeled for a bit and that having a fixxerupperd
is sufficient it all falls out.
My point is that
Greg KH wrote:
On Fri, Jun 15, 2007 at 10:06:23PM +0200, Pavel Machek wrote:
* Renamed Directory trees: The above problem is compounded with
directory trees. Changing the name at the top of a large, bushy
tree can require instant relabeling of millions of files.
On Fri, Jun 15, 2007 at 10:06:23PM +0200, Pavel Machek wrote:
Yes, you may get some -EPERM during the tree move, but AA has that
problem already, see that when madly moving trees we sometimes
construct path file never ever had.
Pavel, please focus on the current AppArmor implementation. You're
On Fri, Jun 15, 2007 at 05:42:08PM -0400, James Morris wrote:
On Fri, 15 Jun 2007, Greg KH wrote:
Or just create the files with restrictive labels by default. That way
you fail closed.
From my limited knowledge of SELinux, this is the default today so this
would happen by default.
On Fri, Jun 15, 2007 at 04:30:44PM -0700, Crispin Cowan wrote:
Greg KH wrote:
On Fri, Jun 15, 2007 at 10:06:23PM +0200, Pavel Machek wrote:
* Renamed Directory trees: The above problem is compounded with
directory trees. Changing the name at the top of a large, bushy
On Fri, 15 Jun 2007, Greg KH wrote:
On Fri, Jun 15, 2007 at 04:30:44PM -0700, Crispin Cowan wrote:
Greg KH wrote:
On Fri, Jun 15, 2007 at 10:06:23PM +0200, Pavel Machek wrote:
Only case where attacker _can't_ be keeping file descriptors is newly
created files in recently moved tree. But as
On Fri, Jun 15, 2007 at 04:49:25PM -0700, Greg KH wrote:
We have built a label-based AA prototype. It fails because there is no
reasonable way to address the tree renaming problem.
How does inotify not work here? You are notified that the tree is
moved, your daemon goes through and
Hi!
Under the restorecon proposal, the web site would be horribly broken
until restorecon finishes, as various random pages are or are not
accessible to Apache.
Usually you don't do that by doing a 'mv' otherwise you are almost
guaranteed stale and mixed up content for some period of time,
On Fri, Jun 15, 2007 at 05:18:10PM -0700, Seth Arnold wrote:
On Fri, Jun 15, 2007 at 04:49:25PM -0700, Greg KH wrote:
We have built a label-based AA prototype. It fails because there is no
reasonable way to address the tree renaming problem.
How does inotify not work here? You are
On Fri, Jun 15, 2007 at 05:01:25PM -0700, [EMAIL PROTECTED] wrote:
On Fri, 15 Jun 2007, Greg KH wrote:
On Fri, Jun 15, 2007 at 04:30:44PM -0700, Crispin Cowan wrote:
Greg KH wrote:
On Fri, Jun 15, 2007 at 10:06:23PM +0200, Pavel Machek wrote:
Only case where attacker _can't_ be keeping
On Fri, 15 Jun 2007, Greg KH wrote:
Oh great, then things like source code control systems would have no
problems with new files being created under them, or renaming whole
trees.
It depends -- I think we may be talking about different things.
If you're using inotify to watch for new files
On Fri, 15 Jun 2007, [EMAIL PROTECTED] wrote:
on the contrary, useing 'mv' is by far the cleanest way to do this.
mv htdocs htdocs.old;mv htdocs.new htdocs
this makes two atomic changes to the filesystem, but can generate thousands to
millions of permission changes as a result.
OTOH,
On Fri, 15 Jun 2007, Seth Arnold wrote:
How does inotify not work here? You are notified that the tree is
moved, your daemon goes through and relabels things as needed. In the
meantime, before the re-label happens, you might have the wrong label on
things, but somehow SELinux already
21 matches
Mail list logo
