| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 20 Nov 2006 17:29:25 -0500 (EST) From: James Morris <jmorris@...ei.org> To: Stephen Smalley <sds@...ho.nsa.gov> cc: David Howells <dhowells@...hat.com>, Linus Torvalds <torvalds@...l.org>, Andrew Morton <akpm@...l.org>, trond.myklebust@....uio.no, selinux@...ho.nsa.gov, linux-kernel@...r.kernel.org, aviro@...hat.com, steved@...hat.com Subject: Re: [PATCH 12/19] CacheFiles: Permit a process's create SID to be overridden On Mon, 20 Nov 2006, Stephen Smalley wrote: > > The ability to set this needs to be mediated via MAC policy. > > > > See selinux_setprocattr() > > That's different - selinux_set_fscreate_secid() is for internal use by a > kernel module that wishes to temporarily assume a particular fscreate > SID, whereas selinux_setprocattr() handles userspace writes > to /proc/self/attr nodes. Imposing a permission check here makes no > sense. Well, the hook is exported generally to the kernel, so we need to ensure that it is documented with a big warning. The name of the hook should perhaps make it more obvious, like set_internal_ or so. - James -- James Morris <jmorris@...ei.org> - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists