lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Pine.LNX.4.64.0711101325240.4780@asgard.lang.hm>
Date:	Sat, 10 Nov 2007 13:28:25 -0800 (PST)
From:	david@...g.hm
To:	Andi Kleen <andi@...stfloor.org>
cc:	Crispin Cowan <crispin@...spincowan.com>,
	Arjan van de Ven <arjan@...radead.org>,
	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
	LSM ML <linux-security-module@...r.kernel.org>,
	apparmor-dev <apparmor-dev@...ge.novell.com>
Subject: Re: AppArmor Security Goal

On Sat, 10 Nov 2007, Andi Kleen wrote:

> Crispin Cowan <crispin@...spincowan.com> writes:
>
> The document should be a good base for a merge.
>
>>     * A confined process can operate on a file descriptor passed to it
>>       by an unconfined process, even if it manipulates a file not in the
>>       confined process's profile. To block this attack, confine the
>>       process that passed the file descriptor.
>
> That is the only thing that tripped me up a bit while reading the document.
> Can you expand a bit on the reasons why the fd is not rechecked in
> the context of the target process? Best do it in a new version of the
> document.

from prior discussions I understand that the problem is that it's not easy 
(or nessasarily possible) to figure out the path to the fd, so what do you 
check?

if the file has been removed there _is_ no path to the fd.

with hard links there could be many paths to the fd, the only way to find 
them would be to search the entire filesystem.

as a result App Armor has decided not to try and address this, but is 
documenting it as a limitation.

David Lang
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ