> To fill in the SELinux details for the people following along at > home: > > The problem is that at open() time, there's no good way to specify > what the > expected label is (now *that* might be an interesting extention to > open() for > some enterprisng grad student) - so as long as the file has *any* > foo_t label > that the program is allowed to access, the open() will succeed. > There's no way > for it to say "I'm opening what *should* be a locale_t file, so if > I'm being > coerced into opening a user_foo_t, please nuke the request". Exactly. Thanks for putting this into more concise wording.
> > -- Ramon de C Valle / Red Hat Security Response Team _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
