by
yrro
1903 days ago
Bold of you to assume my third party code runs with the same UID and SELinux label as my credentials-handling code.
(I wish, it's April 1 after all!)
josephcsible
1902 days ago
If the third party code runs with a different UID, then it can't read the environment either.
yrro
1901 days ago
Unless it has DAC override or other capabilities. Belt and braces!
josephcsible
1901 days ago
If it has DAC override, then it can read your credentials file just as easily as it can the environment.
yrro
1901 days ago
Not if SELinux policy prevents it.