Message-Id: <1252002358-6612-1-git-send-email-dpquigl@tycho.nsa.gov>
Date:	Thu,  3 Sep 2009 14:25:55 -0400
From:	"David P. Quigley" <dpquigl@...ho.nsa.gov>
To:	sds@...ho.nsa.gov, jmorris@...ei.org, casey@...aufler-ca.com,
	gregkh@...e.de, ebiederm@...ssion.com
Cc:	linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org
Subject: [PATCH] Security/sysfs: Enable security xattrs to be set on sysfs files, directories, and symlinks


This is revision three of the sysfs labeling patch set. Changes from version
two are that the new LSM hooks proposed in the last patch have been removed and
replaced with several hooks that were developed for labeled NFS. Instead of
storing the secid, which Casey objected to, it was replaced with the result of a
call to the new security_inode_getsecctx call. This call was developed to
handle the case where we may have a multiple xattr lsm. So in the new case
sysfs will make a call to getsecctx when the new xattr is set and this will
retrieve all of the security information in one string. Subsequent inode
instantiations will take this value out of the sysfs dentry and use the new
security_inode_notifysecctx to place it into the sysfs inode. The third hook,
setsecctx, is there to round off the set and performs both the setting of incore
state and on disk value of the xattrs. This isn't used for sysfs because there
is no disk backing store for the inode.

 fs/sysfs/dir.c             |    1 +
 fs/sysfs/inode.c           |  135 ++++++++++++++++++++++++++++++++------------
 fs/sysfs/symlink.c         |    2 +
 fs/sysfs/sysfs.h           |   12 ++++-
 fs/xattr.c                 |   55 ++++++++++++++----
 include/linux/security.h   |   55 ++++++++++++++++++
 include/linux/xattr.h      |    1 +
 security/capability.c      |   17 ++++++
 security/security.c        |   18 ++++++
 security/selinux/hooks.c   |   33 +++++++++++
 security/smack/smack_lsm.c |   24 ++++++++
 11 files changed, 303 insertions(+), 50 deletions(-)
 
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/
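
The flow described in the cover letter, as an added userspace model that is not code from the patch set or the kernel: setting the xattr caches the getsecctx string on the persistent sysfs entry, and a later inode instantiation re-applies it with notifysecctx. All `m_*` names, both structs and the sample context string are hypothetical or constructed, and the eviction step is an assumption used to show why the cached copy is needed when there is no disk backing store.

```c
#define _POSIX_C_SOURCE 200809L /* for strdup */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Userspace model only: every type and function below is hypothetical. */
struct m_inode  { char *label; };                          /* in-core LSM state */
struct m_dirent { char *secdata; struct m_inode *inode; }; /* persistent sysfs entry */
/* Stands in for security_inode_getsecctx: all LSM state as one string. */
static char *m_getsecctx(const struct m_inode *i) { return i->label ? strdup(i->label) : NULL; }
/* Stands in for security_inode_notifysecctx: sets in-core state only. */
static void m_notifysecctx(struct m_inode *i, const char *ctx) { free(i->label); i->label = strdup(ctx); }
/* Inode instantiation: re-apply the context cached on the entry, if any. */
static struct m_inode *m_get_inode(struct m_dirent *sd) {
    if (!sd->inode) {
        sd->inode = calloc(1, sizeof(*sd->inode));
        if (sd->inode && sd->secdata)
            m_notifysecctx(sd->inode, sd->secdata);
    }
    return sd->inode;
}
/* setxattr path: the LSM labels the inode, then the getsecctx result is cached. */
static int m_setxattr(struct m_dirent *sd, const char *value) {
    struct m_inode *i = m_get_inode(sd);
    if (!i) return -1;
    m_notifysecctx(i, value);      /* models the LSM's own xattr handling */
    free(sd->secdata);
    sd->secdata = m_getsecctx(i);  /* one string, whatever the LSM stores */
    return sd->secdata ? 0 : -1;
}
/* Assumed eviction of the inode: the in-core label goes away with it. */
static void m_evict(struct m_dirent *sd) {
    if (sd->inode) { free(sd->inode->label); free(sd->inode); sd->inode = NULL; }
}
/* Returns 1 if the label survives an evict and re-instantiate cycle. */
static int label_survives_eviction(const char *ctx) {
    struct m_dirent sd = {0};
    int ok;
    if (m_setxattr(&sd, ctx)) return 0;
    m_evict(&sd);
    struct m_inode *i = m_get_inode(&sd);
    ok = i && i->label && strcmp(i->label, ctx) == 0;
    m_evict(&sd); free(sd.secdata);
    return ok;
}
int main(void) {
    printf("%d\n", label_survives_eviction("system_u:object_r:example_t:s0")); /* constructed context */
    return 0;
}
```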