Message-ID: <p73tzntzuak.fsf@bingen.suse.de>
Date: Sat, 10 Nov 2007 22:04:35 +0100
From: Andi Kleen <andi@...stfloor.org>
To: Crispin Cowan <crispin@...spincowan.com>
Cc: Arjan van de Ven <arjan@...radead.org>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
LSM ML <linux-security-module@...r.kernel.org>,
apparmor-dev <apparmor-dev@...ge.novell.com>
Subject: Re: AppArmor Security Goal
Crispin Cowan <crispin@...spincowan.com> writes:

The document should be a good base for a merge.

> * A confined process can operate on a file descriptor passed to it
> by an unconfined process, even if it manipulates a file not in the
> confined process's profile. To block this attack, confine the
> process that passed the file descriptor.

That is the only thing that tripped me up a bit while reading the document.
Can you expand a bit on the reasons why the fd is not rechecked in
the context of the target process? Best do it in a new version of the
document.

-Andi