Re: SELinux metadata protection

All of lore.kernel.org
 help / color / mirror / Atom feed

From: KaiGai Kohei <kaigai@kaigai.gr.jp>
To: "Serge E. Hallyn" <serue@us.ibm.com>
Cc: linux-security-module@wirex.com, "SELinux(NSA)" <selinux@tycho.nsa.gov>
Subject: Re: SELinux metadata protection
Date: Mon, 02 Jan 2006 14:56:40 +0900	[thread overview]
Message-ID: <43B8C098.30101@kaigai.gr.jp> (raw)
In-Reply-To: <20060101192707.GA19487@sergelap.austin.ibm.com>

Hi,

> Hmm, a question on behavior.
> 
> Let's say hallyn_t is allowed to write /var (var_t), but not to do
> getattr on /var/secret_process_is_running (secret_t).  If hallyn_t
> does ls /var/secret_process_is_running, he gets -ENOENT, but what
> should he get if he does 'touch /var/secret_process_is_running'?
> -EPERM obviously leaks information...

In my implementation, -ENOENT can be returned if he tries to create
new file with same name as existing unauthorized files.
Becase resolving filename is done before DAC permission checking,
and security_inode_lookup() is called inside path_walk().
(security_inode_permission() is called _after_ DAC permission checking.)

But I'm still thinking what is appropriate error code...

# I don't know whether it's true or not. I've heard that commercial Trusted OS
# creates a new file in separated namespace on such a situation.
# But it's obviously out of the scope of SELinux, I think.

Thanks,
-- 
KaiGai Kohei <kaigai@kaigai.gr.jp>

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

next prev parent reply	other threads:[~2006-01-02  5:56 UTC|newest]

Thread overview: 13+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <43B6C9E3.8020406@kaigai.gr.jp>
2006-01-01 15:38 ` SELinux metadata protection Serge E. Hallyn
2006-01-01 17:31   ` KaiGai Kohei
2006-01-01 17:48     ` Serge E. Hallyn
2006-01-02  6:02       ` KaiGai Kohei
2006-01-01 19:27 ` Serge E. Hallyn
2006-01-02  5:56   ` KaiGai Kohei [this message]
     [not found]   ` <43BC6E97.4000209@novell.com>
2006-01-05 14:37     ` Serge E. Hallyn
2006-01-02 19:06 schaufler-ca.com - Casey Schaufler
2006-01-03 15:46 ` Stephen Smalley
2006-01-04 16:01   ` KaiGai Kohei
2006-01-05 14:56   ` Serge E. Hallyn
2006-01-05 15:10     ` Stephen Smalley
2006-01-06  1:52       ` Joe Nall

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=43B8C098.30101@kaigai.gr.jp \
    --to=kaigai@kaigai.gr.jp \
    --cc=linux-security-module@wirex.com \
    --cc=selinux@tycho.nsa.gov \
    --cc=serue@us.ibm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.