| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 22 Mar 2007 19:49:30 -0400 (EDT) From: James Morris <jmorris@...ei.org> To: Joy Latten <latten@...tin.ibm.com> cc: David Miller <davem@...emloft.net>, selinux@...ho.nsa.gov, netdev@...r.kernel.org, vyekkirala@...stedcs.com Subject: Re: [PATCH]: Add security check before flushing SAD/SPD On Thu, 22 Mar 2007, Joy Latten wrote: > > I would look at this patch differently if there were some > > security level key being checked for a match here, which is > > an input key to the flush, but that is not what is happening > > here as the object is being looked at by itself. > > Yes, I understand what you are saying. > I was concerned about having to check each entry > to flush database. > > I did this patch because we check for authorization > when deleting single specified entries from the SAD/SPD. It > seem like a hole to me that we check for this, but that same > user/process can delete the entire database with no checks. Indeed. Removing an entry is modifying MAC policy, which requires appropriate authorization. The security label is encapsulated with the object, which is why it's passed to the security layer. Perhaps a better semantic would be to fail the entire flush operation if one of the security checks failed. e.g. loop through for permissions first, then if all ok, loop through for deletion. - James -- James Morris <jmorris@...ei.org> - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists