Message-ID: <20110708161722.GG11013@ZenIV.linux.org.uk>
Date:	Fri, 8 Jul 2011 17:17:22 +0100
From:	Al Viro <viro@...IV.linux.org.uk>
To:	Eric Paris <eparis@...hat.com>
Cc:	xfs-masters@....sgi.com, linux-btrfs@...r.kernel.org,
	linux-kernel@...r.kernel.org, linux-ext4@...r.kernel.org,
	cluster-devel@...hat.com, linux-mtd@...ts.infradead.org,
	jfs-discussion@...ts.sourceforge.net, ocfs2-devel@....oracle.com,
	reiserfs-devel@...r.kernel.org, xfs@....sgi.com,
	linux-mm@...ck.org, linux-security-module@...r.kernel.org,
	jack@...e.cz, penguin-kernel@...ove.SAKURA.ne.jp, jeffm@...e.com,
	jmorris@...ei.org, dhowells@...hat.com, adilger.kernel@...ger.ca,
	shaggy@...ux.vnet.ibm.com, shemminger@...tta.com, hch@....de,
	hughd@...gle.com, joel.becker@...cle.com, chris.mason@...cle.com,
	aelder@....com, kees.cook@...onical.com, sds@...ho.nsa.gov,
	paul.moore@...com, mfasheh@...e.com, dchinner@...hat.com,
	eparis@...isplace.org, swhiteho@...hat.com, tao.ma@...cle.com,
	tytso@....edu, casey@...aufler-ca.com, serue@...ibm.com,
	akpm@...ux-foundation.org, dwmw2@...radead.org
Subject: Re: [PATCH] fs/vfs/security: pass last path component to LSM on
 inode creation

On Wed, Dec 08, 2010 at 02:45:27PM -0500, Eric Paris wrote:
> SELinux would like to implement a new labeling behavior of newly created
> inodes.  We currently label new inodes based on the parent and the creating
> process.  This new behavior would also take into account the name of the
> new object when deciding the new label.  This is not the (supposed) full path,
> just the last component of the path.
> 
> This is very useful because creating /etc/shadow is different than creating
> /etc/passwd but the kernel hooks are unable to differentiate these
> operations.  We currently require that userspace realize it is doing some
> difficult operation like that and then userspace jumps through SELinux hoops
> to get things set up correctly.  This patch does not implement new
> behavior, that is obviously contained in a separate SELinux patch, but it
> does pass the needed name down to the correct LSM hook.  If no such name
> exists it is fine to pass NULL.

-ETOOFUCKINGUGLY...