From: David Caplan <dac@tresys.com>
To: Chad Hanson <chanson@tcs-sec.com>
Cc: "Stephen Smalley (E-mail)" <sds@epoch.ncsc.mil>,
"SE Linux (E-mail)" <SELinux@tycho.nsa.gov>
Subject: Re: Process Transition
Date: Fri, 12 Mar 2004 13:01:46 -0500 [thread overview]
Message-ID: <4051FB0A.8060909@tresys.com> (raw)
In-Reply-To: <791924EBDA572C4FA970D4A94AA95DA3115410@chaos.tcs.tcs-sec.com>
Luckily it doesn't have any effect on the computation of the access
vector. If the transition permission bit was _not_ set (and some other
permission was set to make avd->allowed evaluate to non zero, i.e. the
bug case), and the other conditions were true, the net effect is no
different than if the code were correct. A little extra code is run,
but no access is granted or illegal transition permitted.
Nice find! (It's also present in checkpolicy's version of services.c,
where it also has no net effect).
Chad Hanson wrote:
> We found a piece of process transition code that should be updated to work
> as expected.
>
> In ss/services.c context_struct_compute_av() the following should be
> changed:
>
> if (tclass == SECCLASS_PROCESS &&
> bug >> avd->allowed && PROCESS__TRANSITION &&
> scontext->role != tcontext->role) {
> for (ra = policydb.role_allow; ra; ra = ra->next) {
> if (scontext->role == ra->role &&
> tcontext->role == ra->new_role)
> break;
> }
> if (!ra)
> avd->allowed = (avd->allowed) &
> ~(PROCESS__TRANSITION);
> }
>
> it should be
>
> if (tclass == SECCLASS_PROCESS &&
> avd->allowed & PROCESS__TRANSITION &&
> scontext->role != tcontext->role) {
>
> -Chad
> _______________________________________________________________
> Chad Hanson mailto:chanson@tcs-sec.com
> Trusted Computer Solutions Phone: 217-384-0028 x12
> 121 W Goose Alley Fax: 217-384-0288
> Urbana IL 61801
>
>
>
> --
> This message was distributed to subscribers of the selinux mailing list.
> If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
> the words "unsubscribe selinux" without quotes as the message.
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
next prev parent reply other threads:[~2004-03-12 18:01 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-03-11 20:49 Process Transition Chad Hanson
2004-03-12 17:52 ` Stephen Smalley
2004-03-12 18:01 ` David Caplan [this message]
-- strict thread matches above, loose matches on Subject: below --
2003-05-14 20:06 selinux
2003-05-15 1:10 ` Frank Mayer
2003-05-15 1:13 ` Frank Mayer
2003-05-15 12:31 ` Stephen Smalley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4051FB0A.8060909@tresys.com \
--to=dac@tresys.com \
--cc=SELinux@tycho.nsa.gov \
--cc=chanson@tcs-sec.com \
--cc=sds@epoch.ncsc.mil \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.