Alan Cox <[EMAIL PROTECTED]> writes: > > The simple case is > open > write cathedral and bazaar in some order > close > <trap close -> process -> label eric_t> > > open (eric_t) - SELinux "no" > > > Anyone smart will then write it out of order and keep the file open, or
That would assume Eric already has a program running on your system optimized to inject his works in a obfuscated way. And if he has a program running he can do nearly everything already. You already lost the game. The normal case Tvrtko et.al. are trying to handle would be more the work getting downloaded from somewhere or read from a usb stick using normal programs like web browsers or file managers who don't do any out of order writing tricks and other obfuscation. Important exception might be things like BitTorrent who write out of order or parallel downloaders to cheat TCP congestion control. Or simply tar+gzip with automatic depacking in desktops. There are probably more and it's probably tricky but it is not a "need to handle arbitary nastiness by a determined attacker" situation. Anyways I'm not saying that pattern matching is a useful security measure (just the interaction with compression and encryption makes it very dubious), but if you're talking hypothetically you should at least look closely at the hypothetical use cases @) -Andi - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
