SELinux and the Desktop
Stephen Smalley
sds at epoch.ncsc.mil
Thu Oct 14 18:27:23 UTC 2004
On Thu, 2004-10-14 at 13:56, Steve Coleman wrote:
> Colin Walters walters-at-redhat.com |fedora| wrote:
>
>The major threat here is environment variables, right?
Hmm...didn't get Colin's original message, but I saw this reply.
Anyway, if the question is about domain transitions on scripts, then
there is a fundamental race condition on script execution. Think:
kernel looks up script file and reads header, kernel invokes interpreter
with script file path as argument, interpreter looks up script file.
Caller can run arbitrary code in the new domain.
--
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency
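
The double lookup described in the message above, as an added example that is not part of the original post: it replays the sequence deterministically in a private temporary directory and compares the inode seen at the first lookup with the one seen at the second. The function name `same_file_after_swap`, the file names and the script contents are constructed for illustration; the `use_fd` variant is added for contrast and shows what a second step that reuses the already-open descriptor would see.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create a small script file (constructed sample content). */
static int write_file(const char *path, const char *body) {
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0700);
    if (fd < 0) return -1;
    ssize_t n = write(fd, body, strlen(body));
    close(fd);
    return n == (ssize_t)strlen(body) ? 0 : -1;
}

/* Returns 1 if the second lookup sees the inode the first lookup checked,
 * 0 if it sees a different file, -1 on error.
 * use_fd == 0: second lookup re-resolves the path, as in the message.
 * use_fd == 1: second lookup reuses the descriptor from the first lookup. */
int same_file_after_swap(int use_fd) {
    char dir[] = "/tmp/scriptrace.XXXXXX", script[64], other[64];
    struct stat first, second;
    int kfd = -1, rc = -1;
    if (!mkdtemp(dir)) return -1;
    snprintf(script, sizeof script, "%s/script", dir);
    snprintf(other, sizeof other, "%s/other", dir);
    if (write_file(script, "#!/bin/sh\necho checked\n") ||
        write_file(other, "#!/bin/sh\necho replaced\n")) goto out;
    kfd = open(script, O_RDONLY);            /* lookup 1: header is read here */
    if (kfd < 0 || fstat(kfd, &first)) goto out;
    if (rename(other, script)) goto out;     /* path rebinds between lookups */
    if (use_fd ? fstat(kfd, &second) : stat(script, &second)) goto out;
    rc = first.st_dev == second.st_dev && first.st_ino == second.st_ino;
out:
    if (kfd >= 0) close(kfd);
    unlink(script);
    unlink(other);
    rmdir(dir);
    return rc;
}

int main(void) {
    printf("re-resolve path: same file = %d\n", same_file_after_swap(0));
    printf("reuse descriptor: same file = %d\n", same_file_after_swap(1));
    return 0;
}
```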