lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <4F394AE9.8040104@schaufler-ca.com>
Date:	Mon, 13 Feb 2012 09:39:53 -0800
From:	Casey Schaufler <casey@...aufler-ca.com>
To:	Stanislav Kinsbursky <skinsbursky@...allels.com>
CC:	Serge Hallyn <serge.hallyn@...onical.com>,
	"akpm@...ux-foundation.org" <akpm@...ux-foundation.org>,
	"jmorris@...ei.org" <jmorris@...ei.org>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	"criu@...nvz.org" <criu@...nvz.org>,
	"linux-security-module@...r.kernel.org" 
	<linux-security-module@...r.kernel.org>,
	"viro@...iv.linux.org.uk" <viro@...iv.linux.org.uk>,
	"eparis@...isplace.org" <eparis@...isplace.org>,
	"sds@...ho.nsa.gov" <sds@...ho.nsa.gov>
Subject: Re: [PATCH 0/5] IPC: checkpoint/restore in userspace enhancements

On 2/13/2012 8:48 AM, Stanislav Kinsbursky wrote:
> 13.02.2012 20:11, Serge Hallyn пишет:
>> Quoting Stanislav Kinsbursky (skinsbursky@...allels.com):
>>> 10.02.2012 22:29, Casey Schaufler пишет:
>>>> On 2/9/2012 10:01 AM, Stanislav Kinsbursky wrote:
>>>>> This patch set aimed to provide additional functionality for all 
>>>>> IPC objects,
>>>>> which is required for migration these objects by user-space 
>>>>> checkpoint/restore
>>>>> utils.
>>>>> The main problem here was impossibility to set up object id. This 
>>>>> patch set
>>>>> solves the problem in two steps:
>>>>> 1) Makes it possible to create new object (shared memory, 
>>>>> semaphores set or
>>>>> messages queue) with ID, equal to passed key.
>>>>> 2) Makes it possible to change existent object key.
>>>>
>>>> Is there any chance you might include the LSM data as well?
>>>>
>>>
>>> Sorry, but I don't understand your question.
>>> What is this "LSM"? Linux Shared Memory? If yes, and you mean SYSV
>>> IPC SHM, then where do you want to include it?
>>
>> He means linux security modules.  (see include/linux/security.h)
>
> Ok, thanks for explanation.
> Casey, what exactly you are asking about? Am I going to implement 
> security_*_set() functions?
>

The IPC objects are queer beasts in that they are both
volatile and persistent. If you restart a process that
uses IPC objects they may have to be recreated, which is
what your code is doing. If the system is using an LSM
there may be information attached to the IPC object that
can not be derived from the process being restarted.

That's a roundabout way of saying yes, you may need to
implement security_sem_set and friends
security_{sem,shm,msg}_[ge]et(). The good news is that
I know of at least one other project that is looking
to implement those functions for unrelated reasons.


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ