[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: two questions

From: James Morris <jmorris namei org>
To: Eric Paris <eparis redhat com>
Cc: fedora-selinux-list redhat com
Subject: Re: two questions
Date: Mon, 7 Jan 2008 09:43:26 +1100 (EST)

On Fri, 4 Jan 2008, Eric Paris wrote:

> yes, the permission is dyntransition in the process class.  it is
> STRONGLY, let me say that again VERY STRONGLY, suggested that you don't
> make use of this facility.  Basically you lose all seperation between
> those 2 domains.  You don't have any assurance that the process before
> the transition didn't get hacked/corrupted/bugged and is now
> transitioning to a new domain but able to do the wrong things (or
> sometimes even worse not transition to the new domain at all)
> 
> I'm not sure what the rationale was to put it in originally but please
> just find a way to do it on an execve boundary.

Dynamic transitions were added for privileged MLS applications, which 
sometimes need to implement privilege bracketing (i.e. changing security 
level for some operation).  It should be thought of as a legacy MLS 
feature and not otherwise used.

- James
-- 
James Morris
<jmorris namei org>

Follow-Ups:
- Re: two questions
  - From: Stephen Smalley

References:
- two questions
  - From: Clarkson, Mike R \(US SSA\)
- Re: two questions
  - From: Eric Paris

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]