[rsbac] Feature request: type_user_owner_def_fd_create after chown
Amon Ott
ao at rsbac.org
Mon Jan 19 09:08:29 CET 2009
On Sunday 18 January 2009 wrote Javier J. Martínez Cabezón:
> could close one attack vector from root (for example with TIOCSTI
> ioctl).
TIOCSTI has its own request type on DEV: SEND
So that attack vector should be no problem, by default it should be denied to
anyone. What other vectors do you think are there?
Amon.
--
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
More information about the rsbac
mailing list