Date:	Wed, 3 Oct 2007 06:12:54 +0100
From:	Al Viro <viro@....linux.org.uk>
To:	Casey Schaufler <casey@...aufler-ca.com>
Cc:	torvalds@...l.org, linux-security-module@...r.kernel.org,
	linux-kernel@...r.kernel.org, akpm@...l.org, paul.moore@...com
Subject: Re: [PATCH] Version 4 (2.6.23-rc8-mm2) Smack: Simplified Mandatory Access Control Kernel

On Tue, Oct 02, 2007 at 09:45:42PM -0700, Casey Schaufler wrote:
> 
> From: Casey Schaufler <casey@...aufler-ca.com>
> 
> Smack is the Simplified Mandatory Access Control Kernel.
> 
> Smack implements mandatory access control (MAC) using labels
> attached to tasks and data containers, including files, SVIPC,
> and other tasks. Smack is a kernel based scheme that requires
> an absolute minimum of application support and a very small
> amount of configuration data.

I _really_ don't like what you are doing with these symlinks.
For one thing, you have no exclusion between reading the list
entries and modifying them.  For another...  WTF is filesystem
making assumptions about the locations where the things are
mounted?  Hell, even if you override your tmp symlink, what
happens if we want it in two chroot jails with different layouts?

I really don't get it; why not simply have something like
/smack/tmp.link resolve to tmp/<label> and have userland bind or mount
whatever you bloody like on /smack/tmp?  No problems with absolute
paths, can be used in chroot jails with whatever layouts, ditto for
namespaces, etc. and both symlink and directory get created at
the same time (by one name).  Hell, if you keep a reference
to dentry of directory in the data associated with symlink,
you can simply switch nd->dentry to that, drop the old one
and grab the reference to page containing label and return
it via nd_set_link().  No need to play with allocations, strcat,
yadda, yadda.  readlink() can stuff the ->d_name of the same
dentry plus / plus label directly into user buffer; again, no
allocations needed and works fine anywhere.
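The layout argument above (a label-relative target like `tmp/<label>` keeps working under any root, an absolute `/tmp/<label>` target does not) can be demonstrated without a kernel. The following is an added shell example, not code from the Smack patch or from Al Viro: it builds two constructed directory trees standing in for two chroots, creates both symlink styles, and reports where each one resolves.

```shell
#!/bin/sh
# Constructed demonstration of the two symlink styles discussed in the thread:
#   relative  "tmp/<label>"   resolves beside the symlink, whatever tree it sits in
#   absolute  "/tmp/<label>"  assumes a particular layout of the resolving root
set -eu

# make_tree ROOT LABEL: create ROOT/smack/tmp/LABEL plus both link styles in ROOT/smack
make_tree() {
    mkdir -p "$1/smack/tmp/$2"
    ln -sfn "tmp/$2" "$1/smack/tmp.link"        # relative, label-specific target
    ln -sfn "/tmp/$2" "$1/smack/tmp.link.abs"   # absolute, hard-codes a mount location
}

# where_does_it_land ROOT LINK: prints "inside" when ROOT/smack/LINK canonicalises to a
# path under ROOT (what a process chrooted into ROOT would reach), "outside" otherwise.
# readlink -f canonicalises even if the final component does not exist yet.
where_does_it_land() {
    target=$(readlink -f "$1/smack/$2")
    case "$target" in
        "$1"/*) echo inside ;;
        *)      echo outside ;;
    esac
}

# label_of ROOT: the label component selected by the relative link in ROOT
label_of() {
    basename "$(readlink "$1/smack/tmp.link")"
}

# Two constructed "jails" with different labels, playing the role of two chroots.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
make_tree "$WORK/jailA" web
make_tree "$WORK/jailB" db

for j in jailA jailB; do
    printf '%s relative link -> label %s, resolves %s the jail\n' \
        "$j" "$(label_of "$WORK/$j")" "$(where_does_it_land "$WORK/$j" tmp.link)"
    printf '%s absolute link -> resolves %s the jail\n' \
        "$j" "$(where_does_it_land "$WORK/$j" tmp.link.abs)"
done
```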