lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <29644.1415371754@warthog.procyon.org.uk>
Date:	Fri, 07 Nov 2014 14:49:14 +0000
From:	David Howells <dhowells@...hat.com>
To:	Casey Schaufler <casey@...aufler-ca.com>
Cc:	dhowells@...hat.com, linux-unionfs@...r.kernel.org,
	selinux@...ho.nsa.gov, linux-fsdevel@...r.kernel.org,
	linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/7] Security: Provide copy-up security hooks for unioned files

Casey Schaufler <casey@...aufler-ca.com> wrote:

> > + * @inode_copy_up:
> > + *	Generate the secid associated with the destination inode when a unioned
> 
> NAK.
> 
> You can't just deal with the access label, nor can you assume that there
> is exactly one. Don't use secids. ...

Okay, I've changed the documentation to:

 * @inode_copy_up:
 *	Appropriately label the destination inode when a unioned file is copied
 *	up from a lower layer to the union/overlay layer.
 *	@src indicates the file that is being copied up.
 *	@dst indicates the file that has being created by the copy up.
 *	Returns 0 on success or a negative error code on error.

> > + * @inode_copy_up_xattr:
> > + *	Filter/modify the xattrs being copied up when a unioned file is copied
> > + *	up from a lower layer to the union/overlay layer.
> > + *	@src indicates the file that is being copied up.
> > + *	@dst indicates the file that has being created by the copy up.
> > + *	@name indicates the name of the xattr.
> > + *	@value, *@...e indicate the payload of the xattr.
> > + *	Returns 0 to accept the xattr, 1 to discard the xattr or a negative
> > + *	error code to abort the copy up.  The xattr buffer must be at least
> > + *	XATTR_SIZE_MAX in capacity and the contents may be modified and *@...e
> > + *	changed appropriately.
>
> Who is going to call this?

Anyone that copies up a file from the lower layer in a union to an upper
layer.  Overlayfs for example.  Unionmount for another.

> How are is the caller going to know all the xattr names that matter?

The caller has no idea.  That's why it presents them all here.

> > +static int cap_inode_copy_up_xattr(struct dentry *src, struct dentry *dst,
> > +				   const char *name, void *value, size_t *size)
> > +{
> > +	return 0;
> > +}
> > +
> 
> Does this mean that without LSM help no xattrs ever get copied?

No.  This is merely a filter.  The caller reads the xattr, presents them to
this hook and then, if not asked to discard, writes the xattr.  I've added a
bit to the end of the comment to this effect.

David
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ