Hello. Vladimir Petrovic wrote: > I would like to ask something else. I've written my rules for firefox > and everything works as expected except that firefox is able to list > any directory on the system. If it tries to open any file, tomoyo will > stop it it if doesn't have allow_read, but it is able to read any > directory. I'm I doing something wrong, or this is the part of design > ? People store information as a file, not as filename. For example, if you want to store password "hello", you would create a file like ~/password and write "hello" rather than creating a file like ~/password-is-hello . The damage caused by allowing reading of directory entries is negligibly-small. Also, checking directory's read and execute permissions is inconsistent because the result of access control depends on the current directory. Suppose you are already at /var/www/html/ directory and the permission of /var/www/ changed to 0000. "ls -l /var/www/html/" fails but "ls -l" succeeds. This is inconsistent because both requests refer the same directory. Thus, TOMOYO does not check directory's read and execute permissions. Also, TOMOYO does not check read permission upon read(), write permission upon write() for performance reason. TOMOYO checks permission upon open(). Thanks.
TOMOYO
Fork