Re: [AppArmor 01/41] Pass struct vfsmount to the inode_create LSM hook
- From: Valdis.Kletnieks@xxxxxx
- Date: Sat, 26 May 2007 21:33:20 -0400
On Sat, 26 May 2007 15:58:50 PDT, Casey Schaufler said:
Fair enough, I don't believe that an argv[0] check ought to
be used as a security mechanism. I am not convinced that everyone
would agree with us.
Having seen my share of argv[0]-related security bugs in my years, I have to
agree that it's a security crock. As to why some might not agree, you already
put your finger on it earlier:
On Fri, 25 May 2007 12:06:19 PDT, Casey Schaufler said:
nefarious schemes. Remember that security is a subjective thing, and
using argv[0] and AppArmor together might make some people feel better.
Some people would rather just feel better...
Attachment:
pgp4JLJ8AKzWq.pgp
Description: PGP signature
- References:
- Re: [AppArmor 01/41] Pass struct vfsmount to the inode_create LSM hook
- From: Casey Schaufler
- Re: [AppArmor 01/41] Pass struct vfsmount to the inode_create LSM hook
- Prev by Date: Re: [ckrm-tech] [RFC] [PATCH 0/3] Add group fairness to CFS
- Next by Date: Re: [PATCH, RFT, v4] sata_mv: convert to new EH
- Previous by thread: Re: [AppArmor 01/41] Pass struct vfsmount to the inode_create LSM hook
- Next by thread: Re: [AppArmor 01/41] Pass struct vfsmount to the inode_create LSM hook
- Index(es):
Relevant Pages
|
