From: Tom <tom@lemuria.org>
To: Russell Coker <russell@coker.com.au>
Cc: Bill Laut <wlsel@verizon.net>, SELinux <SELinux@tycho.nsa.gov>
Subject: Re: X-Windows and Client-side Buffer Overruns (was Re: Updated Release)
Date: Thu, 31 Jul 2003 17:38:10 +0200 [thread overview]
Message-ID: <20030731173810.E16284@lemuria.org> (raw)
In-Reply-To: <200308010126.58444.russell@coker.com.au>; from russell@coker.com.au on Fri, Aug 01, 2003 at 01:26:58AM +1000
On Fri, Aug 01, 2003 at 01:26:58AM +1000, Russell Coker wrote:
> Using IRC without X access is no great hardship, while using a text based MUA
> loses significant functionality.
Uh?
<img content="stupid look on face of an avid mutt user">
> X is currently the main area that SE Linux
> does not address yet.
True. However, that is not a problem specific to a MUA.
> A mail client wants to access mail files under the user's home directory, this
> means that the files in question need a separate type as you don't want the
> mail client to access all the other files in the home directory. This gives
> the usual issues of mv followed by file creation giving a different type and
> preventing things working in a way that novice users can't debug...
I'd do this the same way I did it with my subversion policy: Set up the
mail directory so that only the MUA (running in its own domain) can
access it. That way, the user simply can't mess up file labels.
> The mail client needs to be able to save files (easily managed) and to invoke
> the web browser and other programs (which may be more difficult).
I've been wanting to create a "downloaded files" domain for netscape
anyways. Did I post about that already? In short, there'd be a
~/Downloads dir with a special type and some auto-trans rules so that
stuff you download and "try out" runs in an untrusted domain, etc.
Maybe we should just create a more general "untrusted files" domain?
> Finally if using kmail then you have to deal with the kdeinit method of
> program launch...
I smell an SEKDE project on the horizon. From what I've seen, KDE is
way too integrated with itself to behave nicely with SE without changes
in the KDE code itself.
--
http://web.lemuria.org/pubkey.html
pub 1024D/2D7A04F5 2002-05-16 Tom Vogt <tom@lemuria.org>
Key fingerprint = C731 64D1 4BCF 4C20 48A4 29B2 BF01 9FA1 2D7A 04F5
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
next prev parent reply other threads:[~2003-07-31 15:38 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-07-11 19:41 Updated Release Howard Holm
2003-07-11 23:31 ` Christopher J. PeBenito
2003-07-14 11:59 ` Stephen Smalley
2003-07-30 22:03 ` X-Windows and Client-side Buffer Overruns (was Re: Updated Release) Bill Laut
2003-07-31 2:45 ` Tom
2003-07-31 15:26 ` Russell Coker
2003-07-31 15:38 ` Tom [this message]
2003-07-31 16:26 ` Bill Laut
2003-07-31 23:41 ` Russell Coker
2003-08-01 17:20 ` Bill Laut
2003-08-08 20:12 ` X-Windows and Client-side Buffer Overruns Florian Weimer
2003-08-08 20:05 ` Florian Weimer
2003-07-31 2:56 ` Updated Release Bill Laut
2003-07-31 12:20 ` Stephen Smalley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20030731173810.E16284@lemuria.org \
--to=tom@lemuria.org \
--cc=SELinux@tycho.nsa.gov \
--cc=russell@coker.com.au \
--cc=wlsel@verizon.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.