Domains, interpreted languages, and Cron scripts
Bill McCarty
bmccarty at pt-net.net
Mon Aug 16 20:13:25 UTC 2004
I see--please pardon my pedanticism <g>.
Cheers,
--On Monday, August 16, 2004 2:54 PM -0400 Stephen Smalley
<sds at epoch.ncsc.mil> wrote:
> On Mon, 2004-08-16 at 14:33, Bill McCarty wrote:
>> It does seem reasonable to avoid domain transitions whereby someone
>> could gain permissions. But, Cron isn't all powerful and so I must
>> allow one or more domain transitions that selectively add permissions.
>> Otherwise, I'd have to extend Cron itself an unacceptably extensive
>> range of permissions.
>
> True. A better statement would be "domain transitions on scripts should
> only be done when the caller is trusted not to abuse them."
>
> --
> Stephen Smalley <sds at epoch.ncsc.mil>
> National Security Agency
--
Bill McCarty, Ph.D.
Professor of Information Technology
Azusa Pacific University