Sorry for the top posting.
In fedorable distro Almost pam namespace can do this. It was born from a
selinux project, for mls need, but it can be used also for a selinux targeted
policy. Its configuration is not the default, However. Best regard
Messaggio originale
Da: Byron Sonne
Inviato: 22/10/2011, 07:23
A: Michal Zalewski
Cc: full-disclosure@lists.grok.org.uk
Oggetto: Re: [Full-disclosure] Symlink vulnerabilities
If you are in charge of a distro, it would not hurt to nuke it
altogether and change all packages in your control to use per-user
$TMPDIR. Some third-party stuff will break - but it breaks every now
and then anyway.
Excellent suggestion, and you've piqued my curiosity. What distros exist
that implement tmp dirs in such a way? I haven't come across any, and
the more I think about it, the more I wish that this is something I
would see.
If you had your way, would you see it implemented as /tmp/USER
/USER/tmp, or some other way?
Cheers,
B
--
freebyron.org
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/