Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751401AbWHXNLh (ORCPT ); Thu, 24 Aug 2006 09:11:37 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1751400AbWHXNLg (ORCPT ); Thu, 24 Aug 2006 09:11:36 -0400 Received: from gprs189-60.eurotel.cz ([160.218.189.60]:52459 "EHLO amd.ucw.cz") by vger.kernel.org with ESMTP id S1751381AbWHXNLg (ORCPT ); Thu, 24 Aug 2006 09:11:36 -0400 Date: Thu, 24 Aug 2006 15:11:27 +0200 From: Pavel Machek To: "Serge E. Hallyn" Cc: Mimi Zohar , David Safford , kjhall@us.ibm.com, linux-kernel , LSM ML , linux-security-module-owner@vger.kernel.org Subject: Re: [RFC][PATCH 8/8] SLIM: documentation Message-ID: <20060824131127.GB7052@elf.ucw.cz> References: <20060817230213.GA18786@elf.ucw.cz> <20060824054933.GA1952@elf.ucw.cz> <20060824130340.GB15680@sergelap.austin.ibm.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20060824130340.GB15680@sergelap.austin.ibm.com> X-Warning: Reading this can be dangerous to your mental health. User-Agent: Mutt/1.5.11+cvs20060126 Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1370 Lines: 34 Hi! > > > I hope this answered some of your questions. We're working on > > > more comprehensive documentation, which we'll post with the next > > > release. > > > > Do you have examples where this security model stops an attack? > > > > Both my mail client and my mozilla will be UNTRUSTED (because of > > network connections, right?) -- so mozilla exploit will still be able > > t osee my mail? Not good. And ssh connects to the net, too, so it will > > not even protect my ~/.ssh/private_key ? > > I believe it will read your private_key while at a higher level, then > will be demoted when it access the net. > > Is that right? Hmm.. you are the security expert here :-). But it still needs private key while accessing the net.. so even if it does read from ~/.ssh/private_key, first, what stops mozilla from waiting for ssh to start talking on the network, and then read the key from ssh's memory? Do you have examples where this security model stops an attack? Pavel -- (english) http://www.livejournal.com/~pavelmachek (cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/