Re: Upstream first policy

From: Florian Mickler
Date: Tue Mar 09 2010 - 12:15:20 EST


On Mon, 8 Mar 2010 18:18:21 -0500
Eric Paris <eparis@xxxxxxxxxxxxxx> wrote:


> You do realize that with content based security systems the pathnames
> aren't important and you could implement your example patch? Sure a
> user could mount something on /lib and put their own files there, but
> since that user couldn't get them labelled correctly the suid app
> would not be able to use them and would fail. Users would have new
> and interesting way to break their computers!

but isn't that why a pathname based protect of /lib would be better? so
that users couldn't break their system?

>I thank you for your
> vote for content based security systems instead of pathname systems
> and look forward to your future contributions to either that body of
> knowledge or the bridging of the gap between the two *smile*
>
> -Eric

i interpret it not this way. but i'm an amateur securita :)

cheers,
Flo


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/