Casey Schaufler wrote:
--- Daniel J Walsh <[EMAIL PROTECTED]> wrote:
We still have a problem on MLS machines, in that newrole can be used to pass data via pseudo terminals.
script
newrole -l SystemHigh
cat TopSecret.doc
^d
^d
cat typescript
I propose we add this patch to newrole to check if we are on a pseudo terminal and then fail if user is using -l.
Basically this patch checks the major number of the stdin, stdout, stderr for a number in the pseudo number range. If yes the pseudo terminal, if not continue. Not pretty but it solves the problem. I could not figure out another way to check if you are on a pseudo terminal.
Comments?
Are you 100% certain that this is only a pty issue? Any chance you'll have a similar problem with other devices, pipes, fifos, UDS or the like? My pair of Lincolns says otherwise, but they've been wrong before.
That would probably be a fool's bet. There are other checks in newrole to make sure it is talking to a terminal, though. I worry that I have hit all the pseudo terminals though. I am hoping others smarter than me in the kernel would know.
Casey Schaufler
[EMAIL PROTECTED]
--
redhat-lspp mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/redhat-lspp
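
The major-number check discussed in this thread, sketched as an added example; it is not the patch from the thread, which is not shown on this page. The function names are hypothetical, and the major numbers are assumptions taken from the Linux kernel's device list (2 and 3 for BSD ptys, 136-143 for Unix98 pty slaves, 5:2 for /dev/ptmx). It also shows that a pipe is not a character device, so this check alone does not flag it.

```c
#include <stdio.h>
#include <unistd.h>
#include <sys/stat.h>
#include <sys/sysmacros.h>

/* Assumed pty majors (Linux device list): 2 = BSD pty masters,
 * 3 = BSD pty slaves, 136-143 = Unix98 pty slaves. */
static int is_pty_major(unsigned int maj)
{
    return maj == 2 || maj == 3 || (maj >= 136 && maj <= 143);
}

/* Returns 1 if fd is a pseudo terminal, 0 if not, -1 if fstat fails. */
int fd_is_pty(int fd)
{
    struct stat st;
    unsigned int maj;

    if (fstat(fd, &st) != 0)
        return -1;
    if (!S_ISCHR(st.st_mode))
        return 0;  /* pipes, fifos, sockets and regular files end up here */
    maj = major(st.st_rdev);
    if (maj == 5 && minor(st.st_rdev) == 2)
        return 1;  /* /dev/ptmx, the Unix98 master side */
    return is_pty_major(maj);
}

/* Hypothetical policy helper: nonzero when a level change (-l) should be
 * refused because stdin, stdout or stderr is a pty or cannot be examined. */
int std_fds_block_level_change(void)
{
    int fd;

    for (fd = 0; fd <= 2; fd++)
        if (fd_is_pty(fd) != 0)
            return 1;
    return 0;
}

int main(void)
{
    int fd;

    for (fd = 0; fd <= 2; fd++)
        printf("fd %d: pty check = %d\n", fd, fd_is_pty(fd));
    return std_fds_block_level_change();
}
```

Because non-character descriptors return 0 here, a caller would pair this with a separate check that each descriptor is a terminal at all, such as isatty().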