Open Source and information security mailing list archives
 
Message-ID: <alpine.LSU.0.999.0903301202330.4746@be1.lrz>
Date:	Mon, 30 Mar 2009 13:22:07 +0200 (CEST)
From:	Bodo Eggert <7eggert@....de>
To:	Pavel Machek <pavel@....cz>
cc:	Bodo Eggert <7eggert@....de>, James Morris <jmorris@...ei.org>,
	kernel list <linux-kernel@...r.kernel.org>
Subject: Re: TOMOYO in linux-next

On Sun, 29 Mar 2009, Pavel Machek wrote:

> 
> >>> How would you exclude mozilla from writing to .* then? ".a" is bad,
> >>> ".b" is bad ...? or "A" is OK, "a" is OK, "zzzzzzzzzzzzz" is OK"?
> >>> Either way, you'd need several universes to store the security profile.
> >>
> >> What is magic about .* files? I want mozilla to store the pictures as
> >> .naughty.picture.jpg -- I don't see anything wrong with that.
> >
> > As long as you have a guaranteed-to-be-complete list of config files, you 
> > can get along without wildcards. And still if you do, I'll write a 
> > program to make it incomplete.
> 
> Not all config files match .* pattern. I have at least hugo.ini
> mxmap.ini in my ~.
       ^^^^
I see a pattern there.

IMO there is no use in a security system if it allows you to modify 
something like ~/.bashrc, and a security system not allowing mozilla to 
create ~/.mozilla or ~/pr0n.jpg is not usable at all.

You must handle different files in one directory differently, and since 
they are not there yet, you can't label them. Instead, you'll have to label 
them at runtime, and you have to do it based on the filename. At the same 
time, you have a HUGE number of problematic filenames and a HUGE number of 
safe filenames. Unless you have about 500 universes, you can't implement a 
bitmap of allowed and non-allowed filenames.

What will you do? Give up and let mozilla modify all the config files you 
didn't think of? Or not let mozilla store tux.png in ~?

-- 
Artificial Intelligence usually beats real stupidity.
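
Added example, not part of the original message and not TOMOYO policy syntax: a small first-match evaluator that decides on names that do not exist yet, using wildcard rules instead of an enumerated list of filenames. The rule list, the trailing `**` convention and the function names are assumptions made for illustration.

```python
from fnmatch import fnmatchcase
import posixpath

# Hypothetical ordered rule list for one confined program (not TOMOYO syntax).
# Patterns are relative to the home directory; the first matching rule wins.
POLICY = [
    ("allow", ".mozilla"),      # the program's own profile directory
    ("allow", ".mozilla/**"),   # trailing "**": anything below that directory
    ("deny",  ".*"),            # every other dotfile, e.g. .bashrc
    ("deny",  "*.ini"),         # config files that are not dotfiles
    ("allow", "*"),             # any other name directly in ~
]

def matches(pattern, relpath):
    """Match component by component, so "*" never crosses a "/"."""
    pat, parts = pattern.split("/"), relpath.split("/")
    if pat[-1] == "**":
        pat = pat[:-1]
        if len(parts) <= len(pat):
            return False
        parts = parts[:len(pat)]
    elif len(pat) != len(parts):
        return False
    return all(fnmatchcase(name, p) for p, name in zip(pat, parts))

def decide(relpath, policy=POLICY):
    """Return "allow" or "deny" for a create/write request on ~/relpath."""
    # Lexical normalisation only (symlinks are not resolved here), so that
    # ".mozilla/../.bashrc" is judged as ".bashrc".
    relpath = posixpath.normpath(relpath)
    if relpath.startswith("/") or relpath == ".." or relpath.startswith("../"):
        return "deny"
    for verdict, pattern in policy:
        if matches(pattern, relpath):
            return verdict
    return "deny"                # default deny

if __name__ == "__main__":
    # Constructed requests; none of these files needs to exist.
    for name in (".bashrc", ".mozilla/prefs.js", "tux.png", "hugo.ini",
                 ".naughty.picture.jpg", ".mozilla/../.bashrc"):
        print(f"{decide(name):5}  ~/{name}")
```

With these rules `.naughty.picture.jpg` is denied by the `.*` rule, so the pattern set still has to be tuned to the names a site considers safe.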