From: KaiGai Kohei <kaigai@kaigai.gr.jp>
To: Stephen Smalley <sds@tycho.nsa.gov>
Cc: "schaufler-ca.com - Casey Schaufler" <casey@schaufler-ca.com>,
linux-security-module@wirex.com, selinux@tycho.nsa.gov
Subject: Re: SELinux metadata protection
Date: Thu, 05 Jan 2006 01:01:38 +0900
Message-ID: <43BBF162.4010403@kaigai.gr.jp>
In-Reply-To: <1136303210.27632.65.camel@moss-spartans.epoch.ncsc.mil>
Thanks for your comments.
OK, I understood the positioning of the filename in SELinux.
I wanted to confirm whether it was metadata or not at first
because it seemed a bit unclear to me.
Drop the previous two patches.
>>Casey takes a deep breath...
>>
>>The filename is not an attribute of the file.
>>The pathname components are data contained
>>in directory entries. The association of path name
>>to inode number is one way. There is no association
>>of path name from file. Really. This is the thing
>>that makes audit hard.
>>
>>Yes, I know "It's obvious". It's just not true.
>
>
> The world is ending because I agree with Casey on this one...
> The filename is not an attribute of the file, and we do not want this
> type of filtering on directory reads. Use the permissions on the
> directory itself to control who can see the names it contains. It is
> the data container for the filenames.
>
> Use polyinstantiation aka Multi-Level Directories aka moldy directories
> for shared directories like /tmp.
--
KaiGai Kohei <kaigai@kaigai.gr.jp>
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
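The one-way name-to-inode mapping that Casey and Stephen describe above, shown on a scratch tree with hard links. This is an added example, not code from the thread or from SELinux; it assumes GNU coreutils (stat -c, mktemp) and find(1) with -inum, as on Linux.

```shell
#!/bin/sh
# Added demonstration, not code from the thread or from SELinux itself.
# Assumes GNU coreutils (stat -c, mktemp) and find(1) with -inum, as on Linux.
set -eu

demo_root=$(mktemp -d)                  # constructed scratch area
trap 'rm -rf "$demo_root"' EXIT

# Build one file reachable under two unrelated names in two directories;
# prints the tree's path.
make_tree() {
  t=$(mktemp -d "$demo_root/tree.XXXXXX")
  mkdir "$t/a" "$t/b"
  printf 'payload\n' > "$t/a/report.txt"
  ln "$t/a/report.txt" "$t/b/notes.txt"
  echo "$t"
}

# Inode number a directory entry points at.
inode_of() { stat -c %i "$1"; }

# Link count kept in the inode: the file knows how many names it has,
# never which ones.
nlink_of() { stat -c %h "$1"; }

# From inode back to names only by scanning directories: name -> inode is
# stored in the directory, and there is no reverse index.
names_for_inode() { find "$1" -inum "$2" -type f | sort; }

main() {
  t=$(make_tree)
  ino=$(inode_of "$t/a/report.txt")
  echo "inode $ino, $(nlink_of "$t/a/report.txt") names, found only by scanning $t:"
  names_for_inode "$t" "$ino"
  # The directory is the container for names: its listing is name -> inode.
  ls -i "$t/a" "$t/b"
  # Remove one name: the other name and the data are untouched, so a
  # per-file filter keyed on "its" filename has nothing stable to hold.
  rm "$t/a/report.txt"
  echo "after unlink: $(nlink_of "$t/b/notes.txt") name, contents: $(cat "$t/b/notes.txt")"
}
main
```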
Thread overview:
2006-01-02 19:06 SELinux metadata protection schaufler-ca.com - Casey Schaufler
2006-01-03 15:46 ` Stephen Smalley
2006-01-04 16:01 ` KaiGai Kohei [this message]
2006-01-05 14:56 ` Serge E. Hallyn
2006-01-05 15:10 ` Stephen Smalley
2006-01-06 1:52 ` Joe Nall
[not found] <43B6C9E3.8020406@kaigai.gr.jp>
2006-01-01 15:38 ` Serge E. Hallyn
2006-01-01 17:31 ` KaiGai Kohei
2006-01-01 17:48 ` Serge E. Hallyn
2006-01-02 6:02 ` KaiGai Kohei
2006-01-01 19:27 ` Serge E. Hallyn
2006-01-02 5:56 ` KaiGai Kohei
[not found] ` <43BC6E97.4000209@novell.com>
2006-01-05 14:37 ` Serge E. Hallyn