Hi, I thought I'd start you off with one of our more simple Trusted Extensions patches. :)
Please take a look at the following NEW patch for glib. This patch is to improve the security of the module loading aspect of glib so that trusted code can not be extended by arbitrary modules and left open to the case where rogue code can be inserted into a trusted component. In a trusted multi-label session, indicated by the env var TRUSTED_SESSION, glib will restrict the locations that it will accept modules from by first asking the runtime linker for the information it has been configured with and falling back to some default file system locations. Thanks, Stephen. -------------- next part -------------- A non-text attachment was scrubbed... Name: glib.patch-review Type: application/octet-stream Size: 3573 bytes Desc: not available URL: <http://mail.opensolaris.org/pipermail/jds-review/attachments/20061101/76621cca/attachment.obj>
