canna .... still wants to access /tmp
Russell Coker
russell at coker.com.au
Thu Jun 10 05:16:38 UTC 2004
On Thu, 10 Jun 2004 04:04, Tom London <selinux at comcast.net> wrote:
> Looks like the new policy (selinux-strict-policy-1.13.4-2) removes
> access to tmp files in canna.te. But canna (Canna-0.3.7p3-2) still
> wants to access /tmp/.
>
> Are there new versions of the canna stuff coming that move the files
> from /tmp elsewhere?
The plan is that canna will be modified to put it's unix domain socket files
under /var/run. The current situation is a grave security hole for non-SE
systems and systems running the targetted policy.
For the current canna implementation you can rename the unix domain socket,
create your own socket under the well known name, then proxy data across thus
reading the majority of text that the unsuspecting user types.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
More information about the fedora-selinux-list
mailing list