From: Russell Coker <russell@coker.com.au>
To: Tom <tom@lemuria.org>, Bill Laut <wlsel@verizon.net>
Cc: SELinux <SELinux@tycho.nsa.gov>
Subject: Re: X-Windows and Client-side Buffer Overruns (was Re: Updated Release)
Date: Fri, 1 Aug 2003 01:26:58 +1000 [thread overview]
Message-ID: <200308010126.58444.russell@coker.com.au> (raw)
In-Reply-To: <20030731044521.H13872@lemuria.org>
On Thu, 31 Jul 2003 12:45, Tom wrote:
> On Wed, Jul 30, 2003 at 06:03:29PM -0400, Bill Laut wrote:
> > This leads me to the question: While considerable work has been done to
> > protect the system from server app compromises, what about protecting the
> > system from server-based buffer overrun attacks on clients running under
> > SELinux?
>
> Some work has been done in this area. Russell wrote a policy for an irc
> client as an example. It should be easy to write one for a mailer along
> those lines.
Not that easy.
Using IRC without X access is no great hardship, while using a text based MUA
loses significant functionality. X is currently the main area that SE Linux
does not address yet.
A mail client wants to access mail files under the user's home directory, this
means that the files in question need a separate type as you don't want the
mail client to access all the other files in the home directory. This gives
the usual issues of mv followed by file creation giving a different type and
preventing things working in a way that novice users can't debug...
The mail client needs to be able to save files (easily managed) and to invoke
the web browser and other programs (which may be more difficult).
Finally if using kmail then you have to deal with the kdeinit method of
program launch...
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
next prev parent reply other threads:[~2003-07-31 15:26 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-07-11 19:41 Updated Release Howard Holm
2003-07-11 23:31 ` Christopher J. PeBenito
2003-07-14 11:59 ` Stephen Smalley
2003-07-30 22:03 ` X-Windows and Client-side Buffer Overruns (was Re: Updated Release) Bill Laut
2003-07-31 2:45 ` Tom
2003-07-31 15:26 ` Russell Coker [this message]
2003-07-31 15:38 ` Tom
2003-07-31 16:26 ` Bill Laut
2003-07-31 23:41 ` Russell Coker
2003-08-01 17:20 ` Bill Laut
2003-08-08 20:12 ` X-Windows and Client-side Buffer Overruns Florian Weimer
2003-08-08 20:05 ` Florian Weimer
2003-07-31 2:56 ` Updated Release Bill Laut
2003-07-31 12:20 ` Stephen Smalley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200308010126.58444.russell@coker.com.au \
--to=russell@coker.com.au \
--cc=SELinux@tycho.nsa.gov \
--cc=tom@lemuria.org \
--cc=wlsel@verizon.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.