Javier Juan Martínez Cabezón wrote:
> there is not
> a magic button "switch_off" as SELINUX.
and yet previously
>> UID 0 can't switch off nothing only role admin can do it, and usually
>> is not UID 0, in rsbac is UID 400.
>> DAC WOULD NEVER be secure without RBAC.
and yet this is DAC with chr
> Let's play your game as you keep mixing up contexts and you're the one
> making blanket statements not me and telling me you know what I know
> better than myself. I merely said that methods of breaking RBAC have
> been discussed and a kernel exploit is one of them.
>
> I haven't seen any methods in
On Wed, 14 Dec 2011 16:27:45 +0100
Javier Juan Martínez Cabezón wrote:
When I have more time I promise to hunt the references out and send
them to you.
> I have never said to eliminate DAC. I just said that ONLY DAC, as
> OpenBSD does, is a bad option and insecure.
> You can substitute DAC with RBAC
When perl is executed as an interpreter (perl mynastyscript) it
changes its role to perl_role.
The perl role has only the rights to open scripts marked as trusted; if
the script is trusted, read is permitted and a change of role to the
user role is done. If it's not trusted, then perl can only do w
Hi!
On Wed, Dec 14, 2011 at 04:27:45PM +0100, Javier Juan Martínez Cabezón wrote:
> I told you, with a secure TPE (so scripts fully controlled) tell me
> how to write one kernel exploit under bash without calling external
> code.
How about
$ perl -e 'exploit code here'
or just
$ perl
> I suggest you do some more reading at grsecurity.net or even the
> OpenBSD mailing list. I haven't got time to hunt down the two references
> that stick in my mind but keep your ears open and you may realise one
> of the kernel exploits could/can/will do just that. Do you really
> believe it's im
On Tue, 13 Dec 2011 22:20:00 +0100
Javier Juan Martínez Cabezón wrote:
> Give me an example of direct attack via memory as you say, accessible
> devices and anything else you said before.
I suggest you do some more reading at grsecurity.net or even the
OpenBSD mailing list. I haven't got time to