| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <B4A3C582-68F9-4077-B058-03B79A5577EB@mac.com>
Date: Sat, 26 May 2007 01:20:50 -0400
From: Kyle Moffett <mrmacman_g4@....com>
To: casey@...aufler-ca.com
Cc: Andreas Gruenbacher <agruen@...e.de>,
James Morris <jmorris@...ei.org>, linux-kernel@...r.kernel.org,
linux-security-module@...r.kernel.org,
linux-fsdevel@...r.kernel.org
Subject: Re: [AppArmor 01/41] Pass struct vfsmount to the inode_create LSM hook
On May 24, 2007, at 14:58:41, Casey Schaufler wrote:
> On Fedora zcat, gzip and gunzip are all links to the same file. I
> can imagine (although it is a bit of a stretch) allowing a set of
> users access to gunzip but not gzip (or the other way around).
That is a COMPLETE straw-man argument. I can override your "check"
with this absolutely trivial perl code:
exec { "/usr/bin/gunzip" } "gzip", "-9", "some/file/to.gz";
Pathname-based checks are pretty fundamentally insecure. If you want
to protect a "name", then you should tag the "name" with security
attributes (IE: AppArmor). On the other hand, if you actually want
to protect the _data_, then tagging the _name_ is flawed; tag the
*DATA* instead.
Cheers,
Kyle Moffett
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists