On Thu 2007-11-29 23:58:44, Andi Kleen wrote:
> Alan Cox <[EMAIL PROTECTED]> writes:
> >
> > The simple case is
> > open
> > write cathedral and bazaar in some order
> > close
> > <trap close -> process -> label eric_t>
> >
> > open (eric_t) - SELinux "no"
> >
> >
> > Anyone smart will then write it out of order and keep the file open, or
>
> That would assume Eric already has a program running on your system
> optimized to inject his works in an obfuscated way. And if he has a
> program running he can do nearly everything already. You already
> lost the game.
>
> The normal case Tvrtko et al. are trying to handle would be more the
> work getting downloaded from somewhere or read from a usb stick using
> normal programs like web browsers or file managers who don't do any
> out of order writing tricks and other obfuscation.

Fortunately normal programs tend to be dynamically linked, so LD_PRELOAD is fine to handle them. And we know we can't handle nasty programs. Seems like LD_PRELOAD is the way to go.

Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
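As an added illustration of the "trap close -> process -> label" sequence discussed above (this is example code, not anything posted in the thread or part of any project mentioned in it): a minimal LD_PRELOAD shim that interposes close(2), and, when the descriptor is a regular file that was opened writable, re-reads the file and runs a content check over it before the real close happens. The signature string, the file layout in the demo helper and the use of a raw close syscall instead of dlsym(RTLD_NEXT) are all choices made here for the example; the check is a constructed substring match standing in for a real scanner, and "label" is reduced to a log line.

```c
/* scanclose.c: scan-on-close via LD_PRELOAD (added example, not thread code).
 * Build:  gcc -shared -fPIC -o scanclose.so scanclose.c
 * Use:    LD_PRELOAD=./scanclose.so some_dynamically_linked_program
 * Only close() calls that go through libc's exported symbol are seen, so a
 * statically linked binary, or one that never closes the fd, bypasses this. */
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Constructed marker standing in for a scanner's signature. */
static const char SIGNATURE[] = "cathedral and bazaar";

/* Pure check: does buf[0..len) contain SIGNATURE? memmem is used so that
 * embedded NUL bytes do not end the search early. Returns 1 or 0. */
int content_matches(const unsigned char *buf, size_t len)
{
    return memmem(buf, len, SIGNATURE, sizeof SIGNATURE - 1) != NULL;
}

/* 1 if fd refers to a regular file opened O_WRONLY or O_RDWR, else 0. */
int is_writable_regular_file(int fd)
{
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode))
        return 0;
    int fl = fcntl(fd, F_GETFL);
    if (fl < 0)
        return 0;
    int acc = fl & O_ACCMODE;
    return acc == O_WRONLY || acc == O_RDWR;
}

/* Re-read the whole file behind fd with pread (the caller's offset is left
 * alone) and scan it chunk by chunk, carrying strlen(SIGNATURE)-1 bytes of
 * overlap so a match straddling a chunk boundary is still found.
 * Returns 1 on match, 0 on no match, -1 on read error. */
int scan_fd(int fd)
{
    unsigned char buf[4096];
    size_t keep = sizeof SIGNATURE - 2;   /* overlap: signature length - 1 */
    size_t have = 0;
    off_t off = 0;
    for (;;) {
        ssize_t n = pread(fd, buf + have, sizeof buf - have, off);
        if (n < 0)
            return -1;
        if (n == 0)
            break;
        off += n;
        have += (size_t)n;
        if (content_matches(buf, have))
            return 1;
        if (have > keep) {                 /* keep only the tail as overlap */
            memmove(buf, buf + have - keep, keep);
            have = keep;
        }
    }
    return 0;
}

/* The interposed close(). The real close is issued as a raw syscall so the
 * shim needs no dynamic-loader lookup; a production shim would more usually
 * resolve the next close() with dlsym(RTLD_NEXT, "close"). */
int close(int fd)
{
    if (is_writable_regular_file(fd)) {
        int r = scan_fd(fd);
        if (r == 1)
            fprintf(stderr, "scanclose: fd %d matched signature; would label file\n", fd);
        else if (r < 0)
            fprintf(stderr, "scanclose: fd %d could not be scanned\n", fd);
    }
    return (int)syscall(SYS_close, fd);
}

/* Constructed demonstration: create a temp file holding 4090 filler bytes,
 * optionally followed by SIGNATURE so the marker straddles the 4096-byte
 * chunk boundary, then run the same checks the shim uses and return scan_fd's
 * result (1 match, 0 no match, -1 on any failure). */
int demo_scan_constructed_file(int with_marker)
{
    char path[] = "/tmp/scanclose-XXXXXX";
    int fd = mkstemp(path);                /* regular file, opened O_RDWR */
    if (fd < 0)
        return -1;
    unlink(path);                          /* vanishes once closed */
    char filler[4090];
    memset(filler, 'a', sizeof filler);
    int ok = write(fd, filler, sizeof filler) == (ssize_t)sizeof filler;
    if (with_marker)
        ok = ok && write(fd, SIGNATURE, sizeof SIGNATURE - 1) == (ssize_t)(sizeof SIGNATURE - 1);
    int result = (ok && is_writable_regular_file(fd)) ? scan_fd(fd) : -1;
    close(fd);                             /* goes through the interposed close() */
    return result;
}
```

The demo helper deliberately places the marker across the 4096-byte read boundary, which is the case a naive chunked scanner misses. Alan's caveat from the quoted text applies unchanged: a writer that keeps the file open, writes the content out of order, or is statically linked is never seen by this hook, which is why the thread treats LD_PRELOAD as adequate only for well-behaved programs.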