--- Daniel J Walsh <[EMAIL PROTECTED]> wrote: > We still have a problem on MLS machines, in that > newrole can be used to > pass data via pseudo terminals. > > script > newrole -l SystemHigh > cat TopSecret.doc > ^d > ^d > cat typescript > > I propose we add this patch to newrole to check if > we are on a pseudo > terminal and then fail if user is using -l. > > Basically this patch checks the major number of the > stdin, stdout, > stderr for a number in the pseudo number range, If > yes the pseudo > terminal, if not continue. Not pretty but it solves > the problem. I > could not figure out another way to check if you are > on a pseudo terminal. > > Comments?
Are you 100% certain that this is only a pty issue? Any chance you'll have a similar problem with other devices, pipes, fifos, UDS or the like? My pair of Lincolns says otherwise, but they've been wrong before. Casey Schaufler [EMAIL PROTECTED] -- redhat-lspp mailing list [email protected] https://www.redhat.com/mailman/listinfo/redhat-lspp
