On 29/09/2014 13:00, selinux-request@lists.fedoraproject.org wrote:
Message: 2 Date: Mon, 29 Sep 2014 10:00:00 +0200 From: Florian Weimer fweimer@redhat.com To: selinux@lists.fedoraproject.org Subject: Re: SELinux and the bash exploit. Message-ID: 54291180.6020903@redhat.com Content-Type: text/plain; charset=utf-8; format=flowed On 09/25/2014 11:40 PM, Daniel J Walsh wrote:
I wonder why environment variables aren't labeled because they evidently cross trust boundaries in surprising fashions.
-- Florian Weimer / Red Hat Product Security
Hmm. Quite so. I sense a whole raft of environmental cleansing mechanisms being added to SELinux any minute now..
selinux@lists.fedoraproject.org