Debian / SE/Linux - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=193664
Markus Friedl
markus at openbsd.org
Mon May 31 18:59:56 EST 2004
On Sun, May 30, 2004 at 12:35:07PM +0000, Luke Kenneth Casson Leighton wrote:
> well, i'd be remiss in not mentioning it to you: fortunately
> in this case it looks like it's covered.
>
> it'd be really helpful, however, if you _could_ apply that
> close-on-exec, because without it, it's necessary to add an
> audit "ignore" just for that file handle, which could come
> back and bite you later, or to constantly and forever apply
> that patch in all releases of an openssh'd selinux package.
i think adding close-on-exec is wrong in this case.
More information about the openssh-unix-dev
mailing list