Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Re: Questions about MAC
From: Robert Watson (rwatsonfreebsd.org)
Date: Wed Jan 07 2004 - 14:34:56 CST
On Mon, 5 Jan 2004, Peter Pentchev wrote:
> The 'sudo echo blah >> foo' command does not succeed, since the
> redirection is attempted by my own shell still running as my own
> account, 'roam', which does not have write access to the new file; only
> the 'echo blah' command is executed with root privileges. The next
> attempt, executing a shell to perform the redirection, succeeds.
FYI, sudo hasn't been modified to set MAC labels, so if you do use sudo,
use it carefully. It might make sense to stick sudo in the base tree
someday (Apple does this with Darwin), and if so, it would be ripe for the
picking when it comes to adding MAC support.
Your diagnosis of the redirect running with the wrong label sounds correct
to me, also FYI. :-)
Robert N M Watson FreeBSD Core Team, TrustedBSD Projects
robertfledge.watson.org Senior Research Scientist, McAfee Research
freebsd-securityfreebsd.org mailing list
To unsubscribe, send any mail to "freebsd-security-unsubscribefreebsd.org"