lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 08 Aug 2006 13:44:06 -0400
From:	Stephen Smalley <sds@...ho.nsa.gov>
To:	Alan Cox <alan@...rguk.ukuu.org.uk>
Cc:	Eric Paris <eparis@...hat.com>, Al Viro <viro@....linux.org.uk>,
	James Morris <jmorris@...ei.org>, linux-kernel@...r.kernel.org,
	davem@...hat.com, jack@...e.cz, dwmw2@...radead.org,
	tony.luck@...el.com, jdike@...aya.com,
	James.Bottomley@...senPartnership.com
Subject: Re: How to lock current->signal->tty

On Tue, 2006-08-08 at 18:43 +0100, Alan Cox wrote:
> Ar Maw, 2006-08-08 am 13:11 -0400, ysgrifennodd Stephen Smalley:
> > Does this look sane?  Or do we need a common helper factored from
> > disassociate_ctty()?  Why is the locking different for TIOCNOTTY in the
> > non-leader case?
> 
> The non-leader case for TIOCNOTTY in the base kernel is different
> because it is wrong and I've fixed that one.
> 
> If you can factor disassociate_ctty out to do what you need I'd prefer
> that path so the tty locking actually ends up in the tty layer.
> 
> > +	mutex_lock(&tty_mutex);
> > +	tty = current->signal->tty;
> >  	if (tty) {
> >  		file_list_lock();
> 
> Looks sane and the lock ordering matches vhangup() which may actually
> also do what you want - I'm not 100% sure I follow what SELinux tries to
> do here.

SELinux is just revalidating access to the tty when the task changes
contexts upon execve, and resetting the tty if the task is no longer
allowed to use it.  Likewise with the open file descriptors that would
be inherited.  No clearing of the ttys of other tasks required as far as
SELinux is concerned, although that might not fit with normal semantics.
  
-- 
Stephen Smalley
National Security Agency

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ