Date: Sun, 29 Mar 2009 16:25:54 +0200 (CEST)
From: Bodo Eggert <7eggert@gmx.de>
To: Pavel Machek
cc: Bodo Eggert <7eggert@gmx.de>, James Morris, kernel list
Subject: Re: TOMOYO in linux-next
In-Reply-To: <20090329115830.GA15492@elf.ucw.cz>
References: <20090327114224.GF2585@elf.ucw.cz> <20090329115830.GA15492@elf.ucw.cz>

On Sun, 29 Mar 2009, Pavel Machek wrote:
> On Fri 2009-03-27 14:04:32, Bodo Eggert wrote:
>> On Fri, 27 Mar 2009, Pavel Machek wrote:
>>> On Fri 2009-03-27 10:28:07, Bodo Eggert wrote:
>>>> Pavel Machek wrote:

>>>>> I don't think merging that is a good idea. Security should be doable
>>>>> without making shell-like glob matching...
>>>>
>>>> How do you suppose a security system should handle mozilla modifying
>>>> ~/.bashrc differently from downloading something to ~/pr0n.jpg?
>>>
>>> How does shell-like glob matching help there? You'd need to parse
>>> /etc/passwd to find all ~ directories...
>>
>> That is, if you'd use HOME=`dd if=/dev/urandom ...`.
>>
>> If you have your users in /home/user, you can tell /home/*/.*
>> is bad, /home/*/[^.]* is OK.
>
> On the common systems I know of, homes are spread over different
> volumes and different directories. TOMOYO's wildcards do _not_ solve
> this particular problem.

Don't do that then. If you start having user's homes at
/usr/local/sbin/something/, your system is FUBAR anyway. Put your homes
into /home/volume/group/user (=~ /home/*/*/*/.*).

>> How would you exclude mozilla from writing to .* then? ".a" is bad,
>> ".b" is bad ...? or "A" is OK, "a" is OK, "zzzzzzzzzzzzz" is OK"?
>> Either way, you'd need several universes to store the security profile.
>
> What is magic about .* files? I want mozilla to store the pictures as
> .naughty.picture.jpg -- I don't see anything wrong with that.

As long as you have a guaranteed-to-be-complete list of config files, you
can get along without wildcards. And still if you do, I'll write a program
to make it incomplete.
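The path patterns argued over in this message, as an added example (not code from the thread, and not TOMOYO's own pattern syntax or matcher): a first-match write policy in which `*` matches within one path component only. The rule lists, the names `component_match` and `decide`, the default-deny choice and the sample paths are constructed for illustration.

```python
from fnmatch import fnmatchcase
import posixpath

# Constructed policies; the first matching rule wins.
FLAT_RULES = [            # homes directly under /home
    ("/home/*/.*", "deny"),
    ("/home/*/[^.]*", "allow"),
]
DEEP_RULES = [            # homes laid out as /home/volume/group/user
    ("/home/*/*/*/.*", "deny"),
    ("/home/*/*/*/[^.]*", "allow"),
]
DEFAULT = "deny"          # assumption: paths no rule covers are refused


def component_match(pattern, path):
    """Glob match in which '*' never crosses a '/' boundary."""
    # fnmatch spells bracket negation '[!...]'; it treats '[^.]' as the
    # literal set {'^', '.'}, so translate the shell-style form first.
    pat_parts = pattern.replace("[^", "[!").split("/")
    # normpath is purely lexical: it folds '..' but does not resolve symlinks.
    path_parts = posixpath.normpath(path).split("/")
    if len(pat_parts) != len(path_parts):
        return False
    return all(fnmatchcase(c, p) for p, c in zip(pat_parts, path_parts))


def decide(path, rules=FLAT_RULES, default=DEFAULT):
    """Return (verdict, matching pattern or None) for a write to path."""
    for pattern, verdict in rules:
        if component_match(pattern, path):
            return verdict, pattern
    return default, None


if __name__ == "__main__":
    for p in ("/home/alice/.bashrc",
              "/home/alice/pr0n.jpg",
              "/home/alice/.naughty.picture.jpg",
              "/home/alice/Downloads/pic.jpg",
              "/home/vol1/staff/alice/.bashrc"):
        print(p, decide(p), decide(p, DEEP_RULES))
```

The flat rules say nothing about files below the home directory or about homes on a deeper layout, so those writes fall through to the default; the second rule set covers only the `/home/volume/group/user` layout.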