Message-Id: <201101221101.JJB35923.OFJOOtMFSQFLVH@I-love.SAKURA.ne.jp>
Date: Sat, 22 Jan 2011 11:01:18 +0900
From: Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>
To: eparis@...hat.com
Cc: linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org
Subject: Re: SELinux/SMACK/TOMOYO: ioctl permissions handling is wrong and nonsensicle

Eric Paris wrote:
> I'm planning to revert this SELinux commit, but I want other LSM authors
> to realize that (assuming I'm not completely off in the woods somewhere)
> you should take a look at your ioctl permissions checking as well....

Since the mapping of ioctl cmd number and what the kernel does with that number
is unknown for LSM modules, TOMOYO does not use permission bits.
TOMOYO simply checks the ioctl cmd number value passed to ioctl() requests.
For example,
file ioctl /dev/tty0 0x4B4E
file ioctl /dev/console 0x5402
file ioctl /dev/snd/controlC0 0x80045500
file ioctl socket:[family=2:type=1:protocol=6] 0x8942
file ioctl socket:[family=2:type=2:protocol=17] 0x8913
http://tomoyo.sourceforge.jp/cgi-bin/lxr/source/centos5.5/domain_policy.conf?v=policy-sample
So, I think there is nothing to change for TOMOYO.
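
Added example, not part of the original message and not TOMOYO's code: a C sketch of the exact-value check described above, run over the five policy lines quoted in the message, which also decodes each number into its ioctl fields. The helper names are hypothetical, matching is simplified to exact path and cmd equality, and the field layout is assumed to be the asm-generic/ioctl.h one (x86, arm).

```c
#include <stdio.h>
#include <string.h>

/* Policy lines copied from the message above. */
static const char *policy[] = {
    "file ioctl /dev/tty0 0x4B4E",
    "file ioctl /dev/console 0x5402",
    "file ioctl /dev/snd/controlC0 0x80045500",
    "file ioctl socket:[family=2:type=1:protocol=6] 0x8942",
    "file ioctl socket:[family=2:type=2:protocol=17] 0x8913",
};
#define NPOLICY (sizeof(policy) / sizeof(policy[0]))

/* Field layout of asm-generic/ioctl.h (assumed; some architectures differ). */
unsigned ioc_dir(unsigned long cmd)  { return (cmd >> 30) & 0x3; } /* 0 none, 1 write, 2 read */
unsigned ioc_size(unsigned long cmd) { return (cmd >> 16) & 0x3fff; }
unsigned ioc_type(unsigned long cmd) { return (cmd >> 8) & 0xff; }
unsigned ioc_nr(unsigned long cmd)   { return cmd & 0xff; }

/* Hypothetical helper: grant only when a line names this exact path and cmd value. */
int ioctl_allowed(const char *path, unsigned long cmd)
{
    char p[128];
    unsigned long c;

    for (size_t i = 0; i < NPOLICY; i++)
        if (sscanf(policy[i], "file ioctl %127s %lx", p, &c) == 2 &&
            strcmp(p, path) == 0 && c == cmd)
            return 1;
    return 0; /* this sketch refuses any number that is not listed */
}

int main(void)
{
    char p[128];
    unsigned long c;

    for (size_t i = 0; i < NPOLICY; i++) {
        if (sscanf(policy[i], "file ioctl %127s %lx", p, &c) != 2)
            continue;
        printf("%-45s cmd=0x%08lx dir=%u size=%u type=0x%02x nr=%u\n",
               p, c, ioc_dir(c), ioc_size(c), ioc_type(c), ioc_nr(c));
    }
    /* Same device, neighbouring number: not listed, so refused. */
    printf("/dev/console 0x5401 allowed: %d\n", ioctl_allowed("/dev/console", 0x5401));
    return 0;
}
```

With this layout only 0x80045500 decodes to a direction and size (read, 4 bytes); the other four numbers decode with dir=0 and size=0, so the number alone carries no access-type information for them.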