| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1796.1163614917@redhat.com> Date: Wed, 15 Nov 2006 18:21:57 +0000 From: David Howells <dhowells@...hat.com> To: Karl MacMillan <kmacmillan@...talrootkit.com> Cc: David Howells <dhowells@...hat.com>, James Morris <jmorris@...ei.org>, Linus Torvalds <torvalds@...l.org>, Andrew Morton <akpm@...l.org>, Stephen Smalley <sds@...ho.nsa.gov>, trond.myklebust@....uio.no, selinux@...ho.nsa.gov, linux-kernel@...r.kernel.org, aviro@...hat.com, steved@...hat.com Subject: Re: [PATCH 12/19] CacheFiles: Permit a process's create SID to be overridden Karl MacMillan <kmacmillan@...talrootkit.com> wrote: > > and the race in which the rules might change is still a > > possibility I have to deal with. > > I don't think this is a race, it is revocation of access. If you check the > access at every operation and correctly deal with access failures, then this > shouldn't be a problem. Yes it is a pain, but that is how SELinux is supposed > to work. Yes, but what is the correct method of dealing with a failure? All I can think of is to SIGKILL the process. David - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists