[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Pine.LNX.4.64.0706302116200.5375@alien.or.mcafeemobile.com>
Date: Sat, 30 Jun 2007 21:25:08 -0700 (PDT)
From: Davide Libenzi <davidel@...ilserver.org>
To: Kyle Moffett <mrmacman_g4@....com>
cc: Andy Isaacson <adi@...apodia.org>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
Rik van Riel <riel@...hat.com>
Subject: Re: [patch 0/4] MAP_NOZERO v2 - VM_NOZERO/MAP_NOZERO early summer
madness
On Sat, 30 Jun 2007, Kyle Moffett wrote:
> On Jun 30, 2007, at 19:57:18, Davide Libenzi wrote:
> > On Sat, 30 Jun 2007, Kyle Moffett wrote:
> > > Very simple case: SELinux is turned on, an s9 (IE: TOP_SECRET) process
> > > calls free(), and an s3 (IE: UNCLASSIFIED) process calls malloc(), getting
> > > the data from the TOP_SECRET process.
> >
> > Note that you use *s3* and *s9*. Those will be two different context
> > cookies. SeLinux will have its own way to set the cookie in the mm_struct,
> > to *s3* in one case, and to *s9* in the other case. This will make things so
> > that they'll never see each other pages.
>
> Except s3 and s9 aren't complete cookies. A complete label might be:
> "system_u:system_r:apache2_t:s3" for an unclassified apache web-server
> process, or "kmoffett_u:secadmin_r:usershell_t:s9" for me logged in with a
> top-secret label in my security-administrator role. That's why you'd need to
> call an LSM hook to get a unique identifier, as the LSM would actually need to
> allocate identifiers for equivalence classes. Secondly, processes may change
> labels as they run, so you couldn't just call it once and cache the result,
> you would need to call it for every freed page (or every re-use of a page).
It does not matter what the UID contain and how it is generated. The focus
now should be to verify that different UIDs do not see other UIDs pages.
Once that is verified to be true, and if SeLinux actually wants to use
it, we'll find a way so that the other 99% of Linux users won't pay the
price of the abstraction needed to accomplish what they need for this to
work for them. Ok?
- Davide
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists