[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20060919191643.GA7246@elf.ucw.cz>
Date: Tue, 19 Sep 2006 21:16:43 +0200
From: Pavel Machek <pavel@....cz>
To: Kylene Jo Hall <kjhall@...ibm.com>
Cc: linux-kernel <linux-kernel@...r.kernel.org>,
LSM ML <linux-security-module@...r.kernel.org>,
Dave Safford <safford@...ibm.com>,
Mimi Zohar <zohar@...ibm.com>,
Serge Hallyn <sergeh@...ibm.com>, akpm@...l.org
Subject: Re: [PATCH 7/7] SLIM: documentation
Hi!
> Documentation.
Thanks for it.
> +file /etc/resolv.conf, dbus-daemon, which accepts data from
> +potentially untrusted processes, Xorg, which has to accept data
> +from all Xwindow clients, regardless of level, and postfix which
> +delivers untrusted mail. Again, these applications inherently
> +must cross trust levels, and SLIM properly identifies them.
How is this supposed to work. Xorg was not designed to be security
barrier. So... your exploited evolution, but evolution is now
UNTRUSTED, so you can't do anything interesting... right?
Wrong. evolution can ask Xorg to simulate "rm -rf /" keypresses, and
send them to your shell in another window...
Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists