On Tue, 2009-06-16 at 11:23 -0400, Steve Grubb wrote:
> On Tuesday 16 June 2009 10:55:33 am Eric Paris wrote:
> > > > I feel good for all but the { setattr write }
> > > >
> > > > It's a new message, we have no parsers which need the old format, how
> > > > would others feel about
> > > >
> > > > perm="setattr,write" ?
> > >
> > > I'd recommend losing the quotes. I think you are doing this because of
> > > untrusted_string, but I doubt the user can influence this.
> >
> > I'm starting to buy into the 'quotes makes it easy to know it's a
> > string' argument from jdennis.
>
> Any field that has a value starting and ending with quotes means that its
> encoded due to untrusted users having influence over it. That is the parsing
> rule.
Maybe you meant to say that any field starting with a quote is a string
that COULD have been encoded but wasn't because it was found to contain
a safe valid string. I don't see how this hurts those rules.
Like I said I'm ok with dropping the "" but I think it is a lot easier
on the parser to put " around strings to make them easier to
recognize....
-Eric
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
