lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <2455443.WUExuKDC0I@sifl>
Date:	Fri, 07 Nov 2014 16:22:58 -0500
From:	Paul Moore <paul@...l-moore.com>
To:	David Howells <dhowells@...hat.com>
Cc:	linux-unionfs@...r.kernel.org, selinux@...ho.nsa.gov,
	linux-fsdevel@...r.kernel.org,
	linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/7] Security: Provide copy-up security hooks for unioned files

On Wednesday, November 05, 2014 03:42:28 PM David Howells wrote:
> Provide two new security hooks for use with security files that are used
> when a file is copied up between layers:
> 
>  (1) security_inode_copy_up().  This is called so that the security label on
> the destination file can be set appropriately.
> 
>  (2) security_inode_copy_up_xattr().  This is called so that each xattr
> being copied up can be vetted - including modification and discard.

This didn't occur to me earlier, but we may want to pick a different phrase to 
use instead of "copy_up" as that has a special meaning for some security/MLS 
folks (although strangely enough, I suspect most of these copy-on-write 
operations will be "copy up" in the MLS sense of the word).

How about "security_inode_copy_overlay" or something like that?

> + * @inode_copy_up_xattr:
> + *	Filter/modify the xattrs being copied up when a unioned file is 
> ...copied
> + *	up from a lower layer to the union/overlay layer.
> + *	@src indicates the file that is being copied up.
> + *	@dst indicates the file that has being created by the copy up.
> + *	@name indicates the name of the xattr.
> + *	@value, *@...e indicate the payload of the xattr.
> + *	Returns 0 to accept the xattr, 1 to discard the xattr or a negative
> + *	error code to abort the copy up.  The xattr buffer must be at least
> + *	XATTR_SIZE_MAX in capacity and the contents may be modified and 
> ....*@...e
> + *	changed appropriately.

Just so I'm clean, if the LSM wanted to modify the xattr it would modify 
@value/@...e and return 0?

-- 
paul moore
www.paul-moore.com

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ