From: Casey Schaufler <casey-iSGtlc1asvQWG2LlvL+J4A@public.gmane.org>
To: Miklos Szeredi <miklos-sUDqSbJrdHQHWmgEVkV9KA@public.gmane.org>
Cc: apparmor-nLRlyDuq1AZFpShjVBNYrg@public.gmane.org,
linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
LSM
<linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
draht-IBi9RG/b67k@public.gmane.org,
linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
Subject: Re: security_path hooks for xattr
Date: Thu, 26 Jan 2012 08:04:28 -0800 [thread overview]
Message-ID: <4F21798C.5040205@schaufler-ca.com> (raw)
In-Reply-To: <87fwf2y6mw.fsf-d8RdFUjzFsbxNFs70CDYszOMxtEWgIxa@public.gmane.org>
On 1/26/2012 4:45 AM, Miklos Szeredi wrote:
> Forwarding from an internal bug report:
>
> "AppArmor does not mediate the xattr system calls for confined processes.
>
> As a consequence, a confined process can cross the confinement privilege
> boundary by reading or writing to extended attributes that the confined
> task should not have access to. The restrictions for security and user
> attributes read and write still apply according to DAC; however, this
> does not comply with the claim of AppArmor to mediate fipe
> operations. The use of extended attributes is very flexible, so that the
> effect of a missing mediation can lead to false assumptions in
> subsequent policy decisions (eCryptfs)."
>
> AFAIU this boils down to missing security hooks in *xattr().
>
> Would it be possible to add these hooks?
Please post proposed patches to linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
>
> Thanks,
> Miklos
> --
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/
>
--
AppArmor mailing list
AppArmor-nLRlyDuq1AZFpShjVBNYrg@public.gmane.org
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
WARNING: multiple messages have this Message-ID (diff)
From: Casey Schaufler <casey@schaufler-ca.com>
To: Miklos Szeredi <miklos@szeredi.hu>
Cc: john.johansen@canonical.com, apparmor@lists.ubuntu.com,
linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
draht@suse.com, LSM <linux-security-module@vger.kernel.org>
Subject: Re: security_path hooks for xattr
Date: Thu, 26 Jan 2012 08:04:28 -0800 [thread overview]
Message-ID: <4F21798C.5040205@schaufler-ca.com> (raw)
In-Reply-To: <87fwf2y6mw.fsf@tucsk.pomaz.szeredi.hu>
On 1/26/2012 4:45 AM, Miklos Szeredi wrote:
> Forwarding from an internal bug report:
>
> "AppArmor does not mediate the xattr system calls for confined processes.
>
> As a consequence, a confined process can cross the confinement privilege
> boundary by reading or writing to extended attributes that the confined
> task should not have access to. The restrictions for security and user
> attributes read and write still apply according to DAC; however, this
> does not comply with the claim of AppArmor to mediate fipe
> operations. The use of extended attributes is very flexible, so that the
> effect of a missing mediation can lead to false assumptions in
> subsequent policy decisions (eCryptfs)."
>
> AFAIU this boils down to missing security hooks in *xattr().
>
> Would it be possible to add these hooks?
Please post proposed patches to linux-security-module@vger.kernel.org
>
> Thanks,
> Miklos
> --
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/
>
next prev parent reply other threads:[~2012-01-26 16:04 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-01-26 12:45 security_path hooks for xattr Miklos Szeredi
[not found] ` <87fwf2y6mw.fsf-d8RdFUjzFsbxNFs70CDYszOMxtEWgIxa@public.gmane.org>
2012-01-26 16:04 ` Casey Schaufler [this message]
2012-01-26 16:04 ` Casey Schaufler
2012-01-26 21:57 ` John Johansen
2012-01-26 21:57 ` John Johansen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4F21798C.5040205@schaufler-ca.com \
--to=casey-isgtlc1asvqwg2llvl+j4a@public.gmane.org \
--cc=apparmor-nLRlyDuq1AZFpShjVBNYrg@public.gmane.org \
--cc=draht-IBi9RG/b67k@public.gmane.org \
--cc=linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=miklos-sUDqSbJrdHQHWmgEVkV9KA@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.