| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20100309161611.1833523b@schatten.dmk.lab> Date: Tue, 9 Mar 2010 16:16:11 +0100 From: Florian Mickler <florian@...kler.org> To: linux-kernel@...r.kernel.org Subject: Re: Upstream first policy On Mon, 8 Mar 2010 18:18:21 -0500 Eric Paris <eparis@...isplace.org> wrote: > You do realize that with content based security systems the pathnames > aren't important and you could implement your example patch? Sure a > user could mount something on /lib and put their own files there, but > since that user couldn't get them labelled correctly the suid app > would not be able to use them and would fail. Users would have new > and interesting way to break their computers! but isn't that why a pathname based protect of /lib would be better? so that users couldn't break their system? >I thank you for your > vote for content based security systems instead of pathname systems > and look forward to your future contributions to either that body of > knowledge or the bridging of the gap between the two *smile* > > -Eric i interpret it not this way. but i'm an amateur securita :) cheers, Flo -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists