| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <200803252045.CGB04105.HLSQFOJMtOFVOF@I-love.SAKURA.ne.jp>
Date: Tue, 25 Mar 2008 20:45:53 +0900
From: Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>
To: neilb@...e.de, miklos@...redi.hu
Cc: viro@...IV.linux.org.uk, haveblue@...ibm.com,
linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org,
akpm@...ux-foundation.org, hch@...radead.org,
linux-security-module@...r.kernel.org, jmorris@...ei.org
Subject: Re: r-o bind in nfsd
Hello.
> Maybe some enhancement to the 'intent' structure with a similar
> effect could be done instead.
>
> Then you could, presumably, put a security hook somewhere in
> link_path_walk for those modules (like AppArmor) which want to do
> checks based on the namespace.
I think link_path_walk() is not a good place to insert new LSM hooks
for pathname based access control (AppArmor and TOMOYO) purpose because
(1) The kernel don't know what operation (open/create/truncate etc.) will be
done at the moment of link_path_walk().
(2) Not all operations call link_path_walk() before these operations
are done. For example, ftruncate() doesn't call link_path_walk().
(3) The rename() and link() operations handle two pathnames.
But, it is not possible to know both pathnames at the moment of
link_path_walk().
I think we need to introduce new LSM hooks outside link_path_walk().
http://kerneltrap.org/mailarchive/linux-fsdevel/2008/2/17/882024
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists