Message-ID: <20091001091537.GA22337@c.hsd1.tn.comcast.net>
Date: Thu, 1 Oct 2009 09:15:37 +0000
From: Andy Spencer <andy753421@...il.com>
To: Pavel Machek <pavel@....cz>
Cc: linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [RFC] Privilege dropping security module
> Yeah, and now your ~/.ssh/identity is being uploaded to remote server.
The given policy sets the home directory (including ~/.ssh/) to `X'
which does not include read access, so ~/.ssh/identity should be safe.
There are some other problems with this particular policy though, /tmp/
is still readable for example.
> I believe people are already sandboxing apps with selinux...
Yes, some people (including myself) are already using selinux, tomoyo,
smack, etc, for sandboxing. However, I think those have some
disadvantages that I'm trying to address.
> ...and subterfugue certainly does what you want, using ptrace... no
> kernel mods needed and should already be secure.
subterfugue does look interesting, but it seems like it would be pretty
slow and hasn't been maintained since 2001.