All of lore.kernel.org
 help / color / mirror / Atom feed
From: Chris Wright <chrisw@osdl.org>
To: Stephen Smalley <sds@epoch.ncsc.mil>
Cc: Roger Luethi <rl@hellgate.ch>,
	William Lee Irwin III <wli@holomorphy.com>,
	Andrew Morton <akpm@osdl.org>,
	lkml <linux-kernel@vger.kernel.org>,
	Albert Cahalan <albert@users.sourceforge.net>,
	"Martin J. Bligh" <mbligh@aracnet.com>, Paul Jackson <pj@sgi.com>,
	James Morris <jmorris@redhat.com>, Chris Wright <chrisw@osdl.org>
Subject: Re: [1/1][PATCH] nproc v2: netlink access to /proc information
Date: Thu, 9 Sep 2004 13:48:54 -0700	[thread overview]
Message-ID: <20040909134854.B1924@build.pdx.osdl.net> (raw)
In-Reply-To: <1094760065.22014.328.camel@moss-spartans.epoch.ncsc.mil>; from sds@epoch.ncsc.mil on Thu, Sep 09, 2004 at 04:01:06PM -0400

* Stephen Smalley (sds@epoch.ncsc.mil) wrote:
> Well, it isn't that easy, or at least I don't think it is.  The problem
> is that there is no way presently to convey the sender's security
> credentials (beyond the existing uid, cap information), since the LSM
> patches for adding security fields and hooks for managing skb security
> fields were rejected.  The best we can do at present is pass along the
> sender pid, uid, and cap, and the security module can look up the pid if
> it chooses to get the security field (but is naturally subject to races
> in that situation).
> 
> Most obvious place to hook would be nproc_ps_get_task; we could then
> perform a check based on the sender's credentials and the target task's
> credentials, and simply return NULL if permission is not granted for
> that pair, thus skipping that task as if it didn't exist.  That requires
> propagating the sender's credentials down to that function.
> 
> Untested patch below.
> 
> Index: linux-2.6/include/linux/security.h
> ===================================================================
> RCS file: /nfshome/pal/CVS/linux-2.6/include/linux/security.h,v
> retrieving revision 1.37
> diff -u -p -r1.37 security.h
> --- linux-2.6/include/linux/security.h	16 Jun 2004 14:49:42 -0000	1.37
> +++ linux-2.6/include/linux/security.h	9 Sep 2004 19:38:23 -0000
> @@ -632,6 +632,13 @@ struct swap_info_struct;
>   * 	security attributes, e.g. for /proc/pid inodes.
>   *	@p contains the task_struct for the task.
>   *	@inode contains the inode structure for the inode.
> + * @task_getstate:
> + * 	Check permission before getting the state of a task.
> + *      @pid contains the pid of the requesting process.
> + *	@p contains the task_struct for the target task.
> + *      @uid contains the uid of the requesting process.
> + *      @caps contains the capability set of the requesting process.
> + *      Return 0 if permission is granted.

Why caps?


thanks,
-chris
-- 
Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net

  reply	other threads:[~2004-09-09 20:53 UTC|newest]

Thread overview: 63+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2004-09-08 18:40 [0/1][ANNOUNCE] nproc v2: netlink access to /proc information Roger Luethi
2004-09-08 18:41 ` [1/1][PATCH] " Roger Luethi
2004-09-09  0:35   ` William Lee Irwin III
2004-09-09  0:43     ` William Lee Irwin III
2004-09-09  1:15       ` William Lee Irwin III
2004-09-09  1:17         ` [1/2] rediff nproc v2 vs. 2.6.9-rc1-mm4 William Lee Irwin III
2004-09-09  1:21           ` [2/2] handle CONFIG_MMU=n and use new vm stats for CONFIG_MMU=y William Lee Irwin III
2004-09-09  1:22             ` William Lee Irwin III
2004-09-09  1:26             ` [3/2] round up text memory to the nearest page in fs/proc/task_mmu.c William Lee Irwin III
2004-09-09 18:43     ` [1/1][PATCH] nproc v2: netlink access to /proc information Roger Luethi
2004-09-09 18:49       ` William Lee Irwin III
2004-09-09 19:00         ` William Lee Irwin III
2004-09-09 19:02           ` [4/2] consolidate __task_mem() and __task_mem_cheap() William Lee Irwin III
2004-09-09 19:07             ` Roger Luethi
2004-09-09 19:15               ` [5/2] fix nommu VSZ reporting in consolidated task_mem() William Lee Irwin III
2004-09-09 19:11         ` [1/1][PATCH] nproc v2: netlink access to /proc information Roger Luethi
2004-09-09 19:23           ` William Lee Irwin III
2004-09-09 21:19             ` Roger Luethi
2004-09-10 15:30             ` Roger Luethi
2004-09-11 22:25           ` Albert Cahalan
2004-09-12  4:58             ` William Lee Irwin III
2004-09-14  5:59             ` Roger Luethi
2004-09-14  6:18               ` William Lee Irwin III
2004-09-14  6:23                 ` William Lee Irwin III
2004-09-14  7:47                   ` Greg Ungerer
2004-09-14  8:27                     ` Roger Luethi
2004-09-09 11:53   ` Stephen Smalley
2004-09-09 17:22     ` William Lee Irwin III
2004-09-09 17:53       ` Roger Luethi
2004-09-09 20:01         ` Stephen Smalley
2004-09-09 20:48           ` Chris Wright [this message]
2004-09-10 12:11             ` Stephen Smalley
2004-09-09 20:55           ` Roger Luethi
2004-09-09 21:05             ` Chris Wright
2004-09-09 21:25             ` Roger Luethi
2004-09-11 22:36               ` Albert Cahalan
2004-09-12  5:00                 ` William Lee Irwin III
2004-09-14  6:44                 ` Roger Luethi
2004-09-14  7:10                   ` William Lee Irwin III
2004-09-14  7:55                     ` Roger Luethi
2004-09-14  8:01                       ` William Lee Irwin III
2004-09-14  9:27                         ` Roger Luethi
2004-09-14 15:37                           ` William Lee Irwin III
2004-09-14 16:01                             ` Roger Luethi
2004-09-14 16:37                               ` William Lee Irwin III
2004-09-14 17:15                                 ` Roger Luethi
2004-09-14 17:43                                   ` William Lee Irwin III
2004-09-14 18:45                                     ` Roger Luethi
2004-09-14 19:07                                       ` William Lee Irwin III
2004-09-14 19:31                                         ` Roger Luethi
2004-09-14 19:36                                           ` William Lee Irwin III
2004-09-14 19:50                                             ` Roger Luethi
2004-09-15 11:44                                         ` Roger Luethi
2004-09-15 20:02                                           ` Roger Luethi
2004-09-15 20:20                                             ` William Lee Irwin III
2004-09-15 20:33                                               ` Roger Luethi
2004-09-15 20:44                                               ` Roger Luethi
2004-09-14 18:37                                 ` Chris Wright
2004-09-14 18:55                                   ` Roger Luethi
2004-09-14 19:05                                     ` Chris Wright
2004-09-14 21:12                                       ` Roger Luethi
2004-09-09 20:44         ` Chris Wright
2004-09-16 21:43 ` nproc: So? Roger Luethi

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20040909134854.B1924@build.pdx.osdl.net \
    --to=chrisw@osdl.org \
    --cc=akpm@osdl.org \
    --cc=albert@users.sourceforge.net \
    --cc=jmorris@redhat.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mbligh@aracnet.com \
    --cc=pj@sgi.com \
    --cc=rl@hellgate.ch \
    --cc=sds@epoch.ncsc.mil \
    --cc=wli@holomorphy.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.