From: David Howells <dhowells@redhat.com>
To: "Jeff V. Merkey" <jmerkey@wolfmountaingroup.com>
Cc: Nate Diller <nate.diller@gmail.com>,
sds@tycho.nsa.gov, jmorris@namei.org, chrisw@sous-sol.org,
selinux@tycho.nsa.gov, linux-kernel@vger.kernel.org,
aviro@redhat.com, Christoph Hellwig <hch@infradead.org>
Subject: Re: Security issues with local filesystem caching
Date: Wed, 25 Oct 2006 18:21:16 +0100 [thread overview]
Message-ID: <25083.1161796876@redhat.com> (raw)
In-Reply-To: <453F9555.1050201@wolfmountaingroup.com>
Jeff V. Merkey <jmerkey@wolfmountaingroup.com> wrote:
> SELinux support addresses all of these issues for B1 level security quite
> well with mandatory access controls at the fs layers. In fact, it works so
> well, when enabled you cannot even run apache on top of an FS unless
> configured properly.
How? The problem I've got is that the caching code would be creating and
accessing files and directories with the wrong security context - that of the
calling process - and not a context suitable for sharing things in the cache
whilst protecting them from userspace as best we can.
David
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
WARNING: multiple messages have this Message-ID (diff)
From: David Howells <dhowells@redhat.com>
To: "Jeff V. Merkey" <jmerkey@wolfmountaingroup.com>
Cc: Nate Diller <nate.diller@gmail.com>,
sds@tycho.nsa.gov, jmorris@namei.org, chrisw@sous-sol.org,
selinux@tycho.nsa.gov, linux-kernel@vger.kernel.org,
aviro@redhat.com, Christoph Hellwig <hch@infradead.org>
Subject: Re: Security issues with local filesystem caching
Date: Wed, 25 Oct 2006 18:21:16 +0100 [thread overview]
Message-ID: <25083.1161796876@redhat.com> (raw)
In-Reply-To: <453F9555.1050201@wolfmountaingroup.com>
Jeff V. Merkey <jmerkey@wolfmountaingroup.com> wrote:
> SELinux support addresses all of these issues for B1 level security quite
> well with mandatory access controls at the fs layers. In fact, it works so
> well, when enabled you cannot even run apache on top of an FS unless
> configured properly.
How? The problem I've got is that the caching code would be creating and
accessing files and directories with the wrong security context - that of the
calling process - and not a context suitable for sharing things in the cache
whilst protecting them from userspace as best we can.
David
next prev parent reply other threads:[~2006-10-25 17:21 UTC|newest]
Thread overview: 105+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-10-25 10:14 Security issues with local filesystem caching David Howells
2006-10-25 10:14 ` David Howells
2006-10-25 16:52 ` Nate Diller
2006-10-25 16:52 ` Nate Diller
2006-10-25 16:48 ` Jeff V. Merkey
2006-10-25 17:21 ` David Howells [this message]
2006-10-25 17:21 ` David Howells
2006-10-25 17:42 ` Jeff V. Merkey
2006-10-25 18:15 ` David Howells
2006-10-25 18:15 ` David Howells
2006-10-25 20:21 ` Josef Sipek
2006-10-25 20:28 ` Josef Sipek
2006-10-26 9:56 ` David Howells
2006-10-26 9:56 ` David Howells
2006-10-27 15:54 ` Josef Sipek
2006-10-25 21:12 ` Stephen Smalley
2006-10-25 21:12 ` Stephen Smalley
2006-10-26 10:40 ` David Howells
2006-10-26 10:40 ` David Howells
2006-10-26 12:51 ` Stephen Smalley
2006-10-26 12:51 ` Stephen Smalley
2006-10-26 16:04 ` David Howells
2006-10-26 16:04 ` David Howells
2006-10-26 16:34 ` Stephen Smalley
2006-10-26 16:34 ` Stephen Smalley
2006-10-26 17:09 ` David Howells
2006-10-26 17:09 ` David Howells
2006-10-26 17:45 ` Stephen Smalley
2006-10-26 17:45 ` Stephen Smalley
2006-10-26 22:53 ` David Howells
2006-10-26 22:53 ` David Howells
2006-10-27 14:48 ` Stephen Smalley
2006-10-27 14:48 ` Stephen Smalley
2006-10-27 15:42 ` David Howells
2006-10-27 15:42 ` David Howells
2006-10-27 16:10 ` Stephen Smalley
2006-10-27 16:10 ` Stephen Smalley
2006-10-27 16:25 ` David Howells
2006-10-27 16:25 ` David Howells
2006-10-27 17:09 ` Stephen Smalley
2006-10-27 17:09 ` Stephen Smalley
2006-10-27 17:34 ` David Howells
2006-10-27 17:34 ` David Howells
2006-10-27 14:41 ` David Howells
2006-10-27 14:41 ` David Howells
2006-10-27 15:03 ` Stephen Smalley
2006-10-27 16:12 ` David Howells
2006-10-27 16:37 ` Stephen Smalley
2006-10-27 17:28 ` David Howells
2006-10-27 18:10 ` Stephen Smalley
2006-10-30 15:13 ` David Howells
2006-10-31 16:19 ` David Howells
2006-10-31 16:51 ` Stephen Smalley
2006-10-31 19:21 ` David Howells
2006-10-25 23:37 ` Alan Cox
2006-10-26 0:32 ` Al Viro
2006-10-26 10:45 ` David Howells
2006-10-26 10:45 ` David Howells
2006-10-26 10:54 ` Alan Cox
2006-10-26 9:14 ` Jan Dittmer
2006-10-26 10:55 ` David Howells
2006-10-26 10:55 ` David Howells
2006-10-26 11:52 ` Alan Cox
2006-10-31 21:26 ` David Howells
2006-10-31 21:26 ` David Howells
2006-11-01 13:28 ` Stephen Smalley
2006-11-01 13:28 ` Stephen Smalley
2006-11-01 15:34 ` David Howells
2006-11-01 15:34 ` David Howells
2006-11-01 15:58 ` Karl MacMillan
2006-11-01 15:58 ` Karl MacMillan
2006-11-01 17:45 ` Stephen Smalley
2006-11-01 17:45 ` Stephen Smalley
2006-11-02 16:29 ` Karl MacMillan
2006-11-02 16:29 ` Karl MacMillan
2006-11-02 18:04 ` Stephen Smalley
2006-11-02 18:04 ` Stephen Smalley
2006-11-01 17:30 ` Stephen Smalley
2006-11-01 17:30 ` Stephen Smalley
2006-11-02 17:16 ` David Howells
2006-11-02 17:16 ` David Howells
2006-11-02 19:49 ` Trond Myklebust
2006-11-02 20:38 ` David Howells
2006-11-02 20:38 ` David Howells
2006-11-02 21:24 ` Trond Myklebust
2006-11-03 10:27 ` David Howells
2006-11-03 10:27 ` David Howells
2006-11-03 13:41 ` Trond Myklebust
2006-11-03 15:23 ` David Howells
2006-11-03 15:23 ` David Howells
2006-11-03 17:30 ` Trond Myklebust
2006-11-14 19:22 ` David Howells
2006-11-14 19:22 ` David Howells
2006-11-15 14:05 ` Trond Myklebust
2006-11-15 15:28 ` David Howells
2006-11-15 15:28 ` David Howells
2006-11-15 16:41 ` Trond Myklebust
2006-11-15 18:17 ` David Howells
2006-11-15 18:17 ` David Howells
2006-11-03 15:33 ` David Howells
2006-11-03 15:33 ` David Howells
2006-11-02 20:33 ` Stephen Smalley
2006-11-02 20:33 ` Stephen Smalley
2006-11-02 21:05 ` David Howells
2006-11-02 21:05 ` David Howells
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=25083.1161796876@redhat.com \
--to=dhowells@redhat.com \
--cc=aviro@redhat.com \
--cc=chrisw@sous-sol.org \
--cc=hch@infradead.org \
--cc=jmerkey@wolfmountaingroup.com \
--cc=jmorris@namei.org \
--cc=linux-kernel@vger.kernel.org \
--cc=nate.diller@gmail.com \
--cc=sds@tycho.nsa.gov \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.