Desktop apps interoperability
Tom
tom at lemuria.org
Mon Mar 28 15:47:54 UTC 2005
On Mon, Mar 28, 2005 at 10:12:30AM -0500, Stephen Smalley wrote:
> Seems fairly pointless to perform such a relabeling if the context
> determination is based entirely on untrusted input from the same source
> as the data itself and the user isn't involved to any greater degree
> than selecting the file in the first place.
Not so sure about the pointlessness here. The point is that it makes it
more difficult to leverage exploits. Maybe I can break into Firefox,
but with that in place I can't jump from there to mplayer by forcing it
to play something I know will break it.
Lots and lots of system compromises I know about took more than one
exploit and more than one program needed to be broken.
Nevertheless, an explicit "good file" filter is certainly added value.
It doesn't have to be a full-blown virus scanner - on a proper SELinux
system I would expect any unexpected behaviour in mplayer to be
contained. Nevertheless, the filter should at least check whether the
data in question is what it claims to be. No need to port the nightmare
of .doc files that really are .exe or whatever to Linux.
--
http://web.lemuria.org/pubkey.html
pub 1024D/2D7A04F5 2002-05-16 Tom Vogt <tom at lemuria.org>
Key fingerprint = C731 64D1 4BCF 4C20 48A4 29B2 BF01 9FA1 2D7A 04F5
More information about the fedora-selinux-list
mailing list