Stephen Smalley wrote:
> On Tue, 2006-06-06 at 13:53 -0400, Chuck Mead wrote:
>> The file /proc/self/attrib/current is world read and write. Is this
>> correct? Why does it need world read and write?
>
> To completely disable DAC restrictions, and leave it entirely to SELinux
> to control access. The corresponding hook functions in the SELinux
> "module", selinux_getprocattr and selinux_setprocattr, apply permission
> checks on reading and writing these nodes, and selinux_setprocattr
> further prohibits a task from setting (writing) attributes other than
> its own.
>
> The DAC restrictions can be problematic when the task becomes
> undumpable, e.g. setuid or setgid programs could otherwise lose access
> to their own /proc/pid/attr nodes.

If selinux is disabled is this file still present?
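An added example, not part of the original message or of the SELinux code base: a small C probe that separates the two layers described in the quoted reply, reporting the DAC mode bits on the node and, independently, what a read of it returns. The `attr_probe` struct and `probe_attr` function are hypothetical names, and `/proc/self/attr/current` is assumed as the path of the calling task's own node.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Result of probing one attribute node (hypothetical helper type). */
struct attr_probe {
    int exists;        /* stat() succeeded */
    int world_rw;      /* DAC mode grants read and write to "other" */
    int read_errno;    /* 0 if the read succeeded, else errno */
    char context[256]; /* value the node returned, NUL-terminated */
};

/* Keep the DAC answer (mode bits) apart from the answer given at read
 * time, which for /proc/<pid>/attr nodes comes from the module's hook. */
int probe_attr(const char *path, struct attr_probe *out)
{
    struct stat st;
    memset(out, 0, sizeof(*out));
    if (stat(path, &st) != 0) {
        out->read_errno = errno;
        return -1;
    }
    out->exists = 1;
    out->world_rw = (st.st_mode & (S_IROTH | S_IWOTH)) == (S_IROTH | S_IWOTH);
    int fd = open(path, O_RDONLY);
    if (fd < 0) {
        out->read_errno = errno;
        return 0;
    }
    /* Buffer is zeroed and we read at most size-1 bytes, so it stays a string. */
    ssize_t n = read(fd, out->context, sizeof(out->context) - 1);
    if (n < 0)
        out->read_errno = errno; /* node is present, but the read was refused */
    else
        out->context[strcspn(out->context, "\n")] = '\0';
    close(fd);
    return 0;
}

int main(void)
{
    struct attr_probe p;
    probe_attr("/proc/self/attr/current", &p);
    printf("exists=%d world_rw=%d read_errno=%d context=\"%s\"\n",
           p.exists, p.world_rw, p.read_errno, p.context);
    return 0;
}
```

A node that reports `world_rw=1` together with a nonzero `read_errno` shows the case where the mode bits permit access and the decision was made elsewhere.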