On Mon, 12 Dec 2011 23:27:04 GMT, lists@xxxxxxxxxxxxxx said:

> That sounds like a "confused deputy".
> http://www.cis.upenn.edu/~KeyKOS/ConfusedDeputy.html

Yep, same basic problem..

> Is it reasonable to obtain all timezone data at program startup and
> refuse to open locale-related files after chroot?

If you're trying to do it with SELinux policy, that would require opening the locale file before the chroot, then changing the selinux context to something that can't open locale_t and then doing the chroot.

Unfortunately, that's fast approaching "cure is worse than the disease", because it means the initial context has to have the ability to change its context (in the standard selinux policy, that's restricted to only 2 or 3 binaries like 'newrole').

We're lucky nobody has looked into what should happen on an MLS-enabled system :)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/