[rsbac] MAC module
Amon Ott
ao at rsbac.org
Thu Sep 6 13:19:09 CEST 2007
On Thursday 06 September 2007 13:03, Fix wrote:
> > Some checks are hardcoded in the module. I agree that
> > MODIFY_SYSTEM_DATA on SCD priority is not critical and should be
> > allowed.
> >
> > The attached patch allows it.
>
> Thanks.
> I think, MODIFY_SYSTEM_DATA on SCD mlock also should be allowed by
> MAC module, especially for GnuPG, to prevent passphrase leaks to
> swap:
Agreed. I have committed the changes to svn, so they will be in the
next 1.3 release.
Amon.
--
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
More information about the rsbac
mailing list