I see--please pardon my pedanticism <g>.
Cheers,
--On Monday, August 16, 2004 2:54 PM -0400 Stephen Smalley <sds@xxxxxxxxxxxxxx> wrote:
On Mon, 2004-08-16 at 14:33, Bill McCarty wrote:It does seem reasonable to avoid domain transitions whereby someone could gain permissions. But, Cron isn't all powerful and so I must allow one or more domain transitions that selectively add permissions. Otherwise, I'd have to extend Cron itself an unacceptably extensive range of permissions.
True. A better statement would be "domain transitions on scripts should only be done when the caller is trusted not to abuse them."
-- Stephen Smalley <sds@xxxxxxxxxxxxxx> National Security Agency
-- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-selinux-list
-- Bill McCarty, Ph.D. Professor of Information Technology Azusa Pacific University
