Hi Stephen,
--On Monday, August 16, 2004 9:14 AM -0400 Stephen Smalley <sds@xxxxxxxxxxxxxx> wrote:
Just as a reminder, domain transitions on scripts should only be done when shedding permissions.
I'm not sure that I understand. So, please pardon my flailing at the issue. I have a feeling that I'm missing important context <g>.
It does seem reasonable to avoid domain transitions whereby someone could gain permissions. But, Cron isn't all powerful and so I must allow one or more domain transitions that selectively add permissions. Otherwise, I'd have to extend Cron itself an unacceptably extensive range of permissions.
Cheers,
-- Bill McCarty, Ph.D. Professor of Information Technology Azusa Pacific University
