Posted Sep 23, 2004 13:44 UTC (Thu) by walters
In reply to: Complexity
Parent article: An introduction to SELinux
So why can't the "compiler" work all this stuff out for me? That's what computers are good at: automating all the grunt-work.
How can the compiler know what will later happen on your system? If some attacker gains privileges to bind mount /foo to /, then all of a sudden you have a whole other set of access points.
to post comments)