[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <E3BA758D-AD62-4009-898A-BC223838845D@mac.com>
Date: Wed, 24 Oct 2007 23:50:50 -0400
From: Kyle Moffett <mrmacman_g4@....com>
To: "Serge E. Hallyn" <serue@...ibm.com>
Cc: "David P. Quigley" <dpquigl@...ho.nsa.gov>,
Jan Engelhardt <jengelh@...putergmbh.de>,
Simon Arlott <simon@...e.lp0.eu>,
Adrian Bunk <bunk@...nel.org>,
Chris Wright <chrisw@...s-sol.org>,
linux-kernel@...r.kernel.org,
linux-security-module@...r.kernel.org,
Linus Torvalds <torvalds@...ux-foundation.org>,
Andreas Gruenbacher <agruen@...e.de>,
Thomas Fricaccia <thomas_fricacci@...oo.com>,
Jeremy Fitzhardinge <jeremy@...p.org>,
James Morris <jmorris@...ei.org>,
Crispin Cowan <crispin@...spincowan.com>,
Giacomo Catenazzi <cate@...ian.org>,
Alan Cox <alan@...rguk.ukuu.org.uk>
Subject: Re: Linux Security *Module* Framework (Was: LSM conversion to static interface)
On Oct 24, 2007, at 17:37:04, Serge E. Hallyn wrote:
> The scariest thing to consider is programs which don't
> appropriately handle failure. So I don't know, maybe the system
> runs a remote logger to which the multiadm policy gives some extra
> privs, but now the portac module prevents it from sending its
> data. And maybe, since the authors never saw this failure as
> possible, the program happens to dump sensitive data in a public
> readable place. I *could* be more vague but it'd be tough :) But
> you get the idea.
Well, there *was* that problem with sendmail where it did not
properly check the result of setuid() and just assumed it had
succeeded. So instead of running as "smtpd" it was running as
"root". Not a happy memory.
Cheers,
Kyle Moffett
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists