Paul Moore wrote:
Aside from all the permissions problems one could get into, similar to
setcon(), are there any potential pitfalls to allowing users to set the
context of a socket, i.e. using the SO_PEERSEC option with
setsockopt()? I'm not so interested in changing types as I am in
changing MLS labels.
Crazy? Stupid? Suicidal?
Sorry, I realize this wouldn't work with the current IPsec/xfrm stuff, but
assuming another mechanism like NetLabel that could handle the change, what
pitfalls would there be in the base SELinux code?
(It was all very clear in my head, I swear)
--
paul moore
linux security @ hp
--
redhat-lspp mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/redhat-lspp