| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 22 Sep 2011 10:25:44 +0300 From: "Sakkinen, Jarkko" <jarkko.sakkinen@...el.com> To: Stephen Smalley <sds@...ho.nsa.gov> Cc: Casey Schaufler <casey@...aufler-ca.com>, linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org Subject: Re: [PATCH] Smack: Use secureexec with SMACK64EXEC On Wed, Sep 21, 2011 at 8:15 PM, Stephen Smalley <sds@...ho.nsa.gov> wrote: > bprm->unsafe isn't private to your security module, unlike e.g. > bprm->cred->security. And it isn't intended to indicate that a > secureexec is being performed, but instead as an indicator that a > credential-changing exec may be unsafe. Which you presently ignore. > Defining and setting a new flag in it will have interesting side > effects, e.g. consider cap_bprm_secureexec, not to mention being a > layering violation and a source of future conflicts. > > Why can't your bprm_secureexec hook just test isp->smk_task directly? > It can reach it from the bprm. Or if you don't like testing it twice, > then you could always add a flag to your struct referenced by > bprm->cred->security, i.e. the smack_task struct. Thank you. You're absolutely right on this and yes, I can safely just use isp->smk_task. No need for that flag. BTW, do you know why AppArmor does use similar flag AA_SECURE_X_NEEDED? > BTW, there is a lot more to do if you want SMACK64EXEC to be safe. Can you open up this a bit? /Jarkko -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists