Re: [PATCH] remove sys_security

Jakob Oestergaard (jakob@unthought.net)
Fri, 18 Oct 2002 16:24:59 +0200

On Thu, Oct 17, 2002 at 04:08:55PM -0700, David S. Miller wrote:
> From: Chris Wright <chris@wirex.com>
> Date: Thu, 17 Oct 2002 16:04:36 -0700
>
> the photographer would like it if the mp3 player can't remove files
> in ~/photos/ when it plays a malicious .mp3 file.
>
> LSM doesn't provide anything in this area which can't be done
> today. You can protect that directory from malicious programs
> today with file/dir protections and running programs with a different
> capability set or even with a different euid/egid for file accesses.

Ok - now I'm surprised.

How do I prevent my Evolution from reading
Projects/top-secret-stuff/main.c ?

I mean, my emacs should still be able to read it of course, and su'ing
to fifty different users for each of the fifty applications I usually
run is not really an option of course.

Please enlighten me :)

-- 
................................................................
:   jakob@unthought.net   : And I see the elder races,         :
:.........................: putrid forms of man                :
:   Jakob Østergaard      : See him rise and claim the earth,  :
:        OZ9ABN           : his downfall is at hand.           :
:.........................:............{Konkhra}...............:
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/