From: Joshua Brindle <method@gentoo.org>
To: Stephen Smalley <sds@tycho.nsa.gov>
Cc: russell@coker.com.au, Daniel J Walsh <dwalsh@redhat.com>,
Steve Grubb <sgrubb@redhat.com>, SE Linux <selinux@tycho.nsa.gov>
Subject: Re: Real simple cache that removes most of the lookups in mcstrans
Date: Sat, 20 May 2006 17:47:40 -0400 [thread overview]
Message-ID: <446F8E7C.8010503@gentoo.org> (raw)
In-Reply-To: <1148047642.25168.107.camel@moss-spartans.epoch.ncsc.mil>
Stephen Smalley wrote:
> On Fri, 2006-05-19 at 09:51 -0400, Joshua Brindle wrote:
>
>> Russell Coker wrote:
>>
>>> If an application such as "ls" gets a copy of the translation data then there
>>> is no point in writing the library code such that the data can not be
>>> (easily) displayed a second time. The information once available is presumed
>>> to have already been displayed to the user or stored in a way such that it
>>> can be obtained in another manner.
>>>
>>>
>> If that were true we wouldn't revoke access to file descriptors (or
>> files) after a policy reload.
>>
>
> Not the same thing. Revoking data != revoking object capabilities. The
> data has already leaked. Revoking the object capability prevents
> reading of _new_ data from the object, and writing of data to the
> object. But the already read data has already migrated into the state
> of the client.
>
That is a tricky distinction. AFAIK the servers that do access control
for translations essentially treat the translation itself as the object
(by using the untranslated context as the target object with a specific
object class). I understand that you can't revoke access to the data in
a file that a program read, only further access to the file. And I know
that the client can cache the information outside of the library. My
point is that if the access changes the client potentially won't know
because the library is transparently caching the information and not
consulting the server.
>
>> And you are still ignoring the case where
>> the translation actually changes. My worry isn't ls (which is one-shot,
>> and executes quickly most of the time), _anything_ that uses this
>> library code now caches the answer and if its a long running process
>> then it has no way of knowing when translations have changed or access
>> has been revoked.
>>
>
> Notifications of changes to the translations make sense for correctness.
> Not so much of an access control issue
Understood, however, if the client is providing a translation service
for a user (or other application) it should get notification if that
user/app should no longer be able to see the translation, right? The
translations are treated like objects in this scheme, unless I'm
misunderstanding something.
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
next prev parent reply other threads:[~2006-05-20 21:47 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-05-17 10:45 Real simple cache that removes most of the lookups in mcstrans Daniel J Walsh
2006-05-17 12:26 ` Steve Grubb
2006-05-17 13:52 ` Joshua Brindle
2006-05-17 15:03 ` Daniel J Walsh
2006-05-17 15:15 ` Joshua Brindle
2006-05-17 16:21 ` Daniel J Walsh
2006-05-17 17:09 ` Joshua Brindle
2006-05-17 17:30 ` Steve Grubb
2006-05-17 17:32 ` Joshua Brindle
2006-05-19 13:32 ` Russell Coker
2006-05-19 13:51 ` Joshua Brindle
2006-05-19 14:07 ` Stephen Smalley
2006-05-19 14:40 ` Russell Coker
2006-05-20 21:47 ` Joshua Brindle [this message]
2006-05-21 3:31 ` Russell Coker
2006-05-22 18:04 ` Stephen Smalley
2006-05-17 16:22 ` James Antill
[not found] ` <1147879972.3469.139.camel@code.and.org>
2006-05-17 16:19 ` Daniel J Walsh
2006-05-17 16:56 ` James Antill
2006-05-17 17:06 ` Stephen Smalley
2006-05-18 16:21 ` Daniel J Walsh
2006-05-17 18:22 ` Daniel J Walsh
2006-05-22 20:45 ` Stephen Smalley
2006-05-17 18:35 ` Resent with correct patch Daniel J Walsh
2006-05-17 18:44 ` Stephen Smalley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=446F8E7C.8010503@gentoo.org \
--to=method@gentoo.org \
--cc=dwalsh@redhat.com \
--cc=russell@coker.com.au \
--cc=sds@tycho.nsa.gov \
--cc=selinux@tycho.nsa.gov \
--cc=sgrubb@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.