Re: ANN: imsep 0.6

From: Tim Janik <timj gtk org>
To: Colin Walters <walters gnome org>
Cc: Gtk+ Developers <gtk-devel-list gnome org>, selinux tycho nsa gov
Subject: Re: ANN: imsep 0.6
Date: Thu, 21 Oct 2004 08:59:20 +0200 (CEST)

On Thu, 21 Oct 2004, Colin Walters wrote:

Hi,

I'd like to announce the first release of a little project called Imsep.
The goal, in short, is to completely isolate image loaders using
SELinux, so that a compromised or buggy image loader can do essentially
nothing.   It's designed for the "targeted" SELinux policy to be
released with Fedora Core 3.

I've put up a little web page here with slightly more information:

http://web.verbum.org/imsep/

The source includes a sample SELinux policy.

For people reading on the GTK+ list: I've created an initial patch to
make gdk-pixbuf use imsep, it seems to work:

http://web.verbum.org/imsep/download/gdk-pixbuf-imsep-0.6.patch

The GDK_PIXBUF_FORMAT_REQUIRES_LOAD feels like a hack, but I didn't see
a better alternative.

Comments welcome.


it'd be nice if you could give a description of what the patch attempts
to achive. reading through it, i simply don't understand what it intends
to achive/change.

partially, that's due to io-imsep.c missing from your patch, you shouldcreate patches with diff -Nup to catch newly added files.


---
ciaoTJ

Follow-Ups:
- Re: ANN: imsep 0.6
  - From: Colin Walters

References:
- ANN: imsep 0.6
  - From: Colin Walters

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]