[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20160114214508.GA17098@imp.flyn.org>
Date: Thu, 14 Jan 2016 16:45:08 -0500
From: "W. Michael Petullo" <mike@...n.org>
To: Christoph Hellwig <hch@...radead.org>
Cc: linux-kernel@...r.kernel.org
Subject: Re: Walking a wait_queue_t list of tasks blocked on pipe
>> I am trying to write code to walk a wait_queue_t list as part of a LSM
>> file_permission function. The purpose is to act on each task which has
>> blocked while trying to read from a pipe.
> Just don't do that..
What we are trying to do is implement a research prototype for a simple
information-flow system using LSM. The idea is that processes become
tainted when they read objects marked as confidential and such processes
taint other processes based on further interaction.
The problem is that process A could open and block on reading
FIFO F before tainted process B writes to F (and causes F to become
confidential). Since A's LSM hooks fire off before it blocks, A could
end up reading confidential data without itself being tainted.
So it seems that I need to either walk the list of blocked processes,
possibly tainting them, or insert a new LSM hook into pipe.c to support
rechecking the confidentiality level of the pipe after waking up but
before reading.
If this all seems a little crazy it is because we are early in the
prototyping process.
Thank you,
--
Mike
:wq
Powered by blists - more mailing lists