On Thu, 10 Jun 2004 04:04, Tom London <selinux@xxxxxxxxxxx> wrote: > Looks like the new policy (selinux-strict-policy-1.13.4-2) removes > access to tmp files in canna.te. But canna (Canna-0.3.7p3-2) still > wants to access /tmp/. > > Are there new versions of the canna stuff coming that move the files > from /tmp elsewhere? The plan is that canna will be modified to put it's unix domain socket files under /var/run. The current situation is a grave security hole for non-SE systems and systems running the targetted policy. For the current canna implementation you can rename the unix domain socket, create your own socket under the well known name, then proxy data across thus reading the majority of text that the unsuspecting user types. -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page
