SELinux and the Desktop
Colin Walters
walters at redhat.com
Wed Oct 13 18:33:02 UTC 2004
On Wed, 2004-10-13 at 13:59 -0400, Stephen Smalley wrote:
> >From the program/script. Transitions can occur on scripts (if they are
> exec'd), but the caller domain needs to be trusted with respect to the
> new domain (e.g. shedding permissions) in that case due to the lack of
> safety in script execution.
The major threat here is environment variables, right? I wonder what all
would break if we by changed e.g. bash and python to by default clean
the environment before executing the script if it was executed from a
domain transition (they could check in the same way glibc does, right?).
More information about the selinux
mailing list