[redhat-lspp] /home at SystemHigh
Klaus Weidner
klaus at atsec.com
Fri Feb 24 17:50:10 UTC 2006
On Fri, Feb 24, 2006 at 10:32:52AM -0600, LC Bruzenak wrote:
> If you wouldn't mind too much, can someone briefly explain what you mean
> by "to prevent leaks"?
Something like the following sequence:
- sysadmin starts adding user Joe
- The new /home/joe/ starts out at SystemHigh
- some other process puts a secret file into /home/joe/unimportant.txt
- the final useradd step, or a later sysadmin action, downgrades
/home/joe/ recursively to SystemLow, including the formerly top secret
file
-Klaus
More information about the redhat-lspp
mailing list