| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 19 Sep 2006 21:16:43 +0200 From: Pavel Machek <pavel@....cz> To: Kylene Jo Hall <kjhall@...ibm.com> Cc: linux-kernel <linux-kernel@...r.kernel.org>, LSM ML <linux-security-module@...r.kernel.org>, Dave Safford <safford@...ibm.com>, Mimi Zohar <zohar@...ibm.com>, Serge Hallyn <sergeh@...ibm.com>, akpm@...l.org Subject: Re: [PATCH 7/7] SLIM: documentation Hi! > Documentation. Thanks for it. > +file /etc/resolv.conf, dbus-daemon, which accepts data from > +potentially untrusted processes, Xorg, which has to accept data > +from all Xwindow clients, regardless of level, and postfix which > +delivers untrusted mail. Again, these applications inherently > +must cross trust levels, and SLIM properly identifies them. How is this supposed to work. Xorg was not designed to be security barrier. So... your exploited evolution, but evolution is now UNTRUSTED, so you can't do anything interesting... right? Wrong. evolution can ask Xorg to simulate "rm -rf /" keypresses, and send them to your shell in another window... Pavel -- (english) http://www.livejournal.com/~pavelmachek (cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists