From: Mr Dash Four <mr.dash.four@googlemail.com>
To: Steve Grubb <sgrubb@redhat.com>
Cc: linux-audit@redhat.com, netfilter-devel@vger.kernel.org,
Thomas Graf <tgraf@redhat.com>, Al Viro <viro@zeniv.linux.org.uk>,
Eric Paris <eparis@parisplace.org>,
Patrick McHardy <kaber@trash.net>,
Pablo Neira Ayuso <pablo@netfilter.org>
Subject: Re: [PATCH 2nd revision] Add SELinux context support to AUDIT target
Date: Mon, 06 Jun 2011 14:10:48 +0100 [thread overview]
Message-ID: <4DECD1D8.60804@googlemail.com> (raw)
In-Reply-To: <201106060853.57940.sgrubb@redhat.com>
> Exactly my point. There is no leak if its text or numeric.
>
No, there is no leak if it is a text, but there *is* a leak if it is a
numeric. I think I've made that quite clear.
>> As for exposing the (internal) numerical representation of the secctx - this was
>> discussed previously and the approach you are suggesting was dropped. To quote
>> Eric on this very issue "[It] exports the internal secid to userspace.
>> These are dynamic, can change on lsm changes, and have no meaning in
>> userspace. We should instead be sending lsm contexts to userspace
>> instead.".
>>
>
> Doesn't matter. The requirements of the protection profiles say to log the object's
> label.
> It does not care if its text or numeric. It also does not say sometimes or only
> when its convenient. :)
Again, I disagree. Logging the internal numerical representation of
secctx is, as I have already stated about 3 times by now, exposing
internal (private-to-the-kernel-only) information to userspace. That
cannot be allowed.
Besides, this numerical representation isn't reliable - these numbers
are dynamic and can change - another reason why they should not be
allowed to be present in the audit log. What happens if I make changes
to my security policy and then run ausearch/aureport? I am either going
to see different (wrong!) context reported if ausearch/aureport attempts
to "convert" those numbers into SELinux context, or, I am going to see
meaningless numbers. Either way, useless or misleading information is
going to be reported and we don't want that, do we?
> Its either important enough to log even if text conversion
> fails or its not important enough to log at all.
>
That is exactly what the current patch does - if secctx is present (and
retrievable) it is logged, if not, then it isn't. Quite simple really.
next prev parent reply other threads:[~2011-06-06 13:10 UTC|newest]
Thread overview: 45+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-05-20 1:09 [PATCH] Add SELinux context support to AUDIT target Mr Dash Four
2011-05-26 16:49 ` Pablo Neira Ayuso
2011-05-26 17:03 ` Mr Dash Four
2011-05-26 17:44 ` Pablo Neira Ayuso
2011-06-04 15:12 ` [PATCH 2nd revision] " Mr Dash Four
2011-06-05 23:06 ` Pablo Neira Ayuso
2011-06-06 12:02 ` Mr Dash Four
2011-06-06 23:20 ` Pablo Neira Ayuso
2011-06-07 8:18 ` Mr Dash Four
2011-06-07 9:12 ` Pablo Neira Ayuso
2011-06-07 10:32 ` [PATCH 3rd " Mr Dash Four
2011-06-08 14:49 ` Steve Grubb
2011-06-08 16:12 ` Mr Dash Four
2011-06-08 17:14 ` Steve Grubb
2011-06-08 18:04 ` Mr Dash Four
2011-06-08 18:13 ` Casey Schaufler
2011-06-08 18:33 ` Eric Paris
2011-06-08 19:00 ` Mr Dash Four
2011-06-08 19:08 ` Eric Paris
2011-06-08 19:14 ` Mr Dash Four
2011-06-08 19:28 ` Steve Grubb
2011-06-08 19:39 ` Eric Paris
2011-06-09 12:28 ` Patrick McHardy
2011-06-09 12:52 ` Eric Paris
2011-06-09 12:56 ` Patrick McHardy
2011-06-09 14:08 ` Mr Dash Four
2011-06-09 15:06 ` Eric Paris
2011-06-09 15:16 ` Mr Dash Four
2011-06-16 8:36 ` Mr Dash Four
2011-06-18 12:08 ` [PATCH 4th " Mr Dash Four
2011-06-20 12:20 ` Steve Grubb
2011-06-20 14:21 ` Mr Dash Four
2011-06-20 14:27 ` Eric Paris
2011-06-30 11:35 ` Patrick McHardy
2011-06-08 18:36 ` [PATCH 3rd " Steve Grubb
2011-06-08 18:45 ` Mr Dash Four
2011-06-06 12:14 ` [PATCH 2nd " Steve Grubb
2011-06-06 12:25 ` Mr Dash Four
2011-06-06 12:30 ` Steve Grubb
2011-06-06 12:42 ` Mr Dash Four
2011-06-06 12:53 ` Steve Grubb
2011-06-06 13:10 ` Mr Dash Four [this message]
2011-06-06 23:22 ` Pablo Neira Ayuso
2011-06-07 0:59 ` Steve Grubb
2011-06-07 1:23 ` Casey Schaufler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4DECD1D8.60804@googlemail.com \
--to=mr.dash.four@googlemail.com \
--cc=eparis@parisplace.org \
--cc=kaber@trash.net \
--cc=linux-audit@redhat.com \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
--cc=sgrubb@redhat.com \
--cc=tgraf@redhat.com \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.