| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 29 Sep 2011 16:57:04 +0300 (EEST) From: Jarkko Sakkinen <jarkko.sakkinen@...el.com> To: Stephen Smalley <sds@...ho.nsa.gov> cc: Casey Schaufler <casey@...aufler-ca.com>, linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org Subject: Re: [PATCH] Smack: fix domain transfer issues On Thu, 29 Sep 2011, Stephen Smalley wrote: > On Thu, 2011-09-29 at 11:26 +0300, Jarkko Sakkinen wrote: >> MNT_NOSUID should be checked. > > Doubtful, as Smack and capabilities are completely orthogonal, right? > Even for SELinux, the nosuid check is a bit of a nuisance. What I'm planning to do is to not switch domain if filesystem is mounted with nosuid. Same logic as prepare_binprm does for suid and sgid bits. >> Also, I'll plan to >> implement permission check for ptrace but in the >> scope of this patch. > > Still no transition or entrypoint checks, open file revalidation, parent > death signal clearing, ...? I've already added death signal clearing to the next-to-be-submitted revision of this patch. I'm planning to implemented flushing of non-permissible files and signals as two separate patches later on (in the near future however). /Jarkko -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists