From: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>
To: Stephen Smalley <sds@tycho.nsa.gov>
Cc: Amerigo Wang <amwang@redhat.com>,
	linux-kernel@vger.kernel.org, esandeen@redhat.com,
	eteo@redhat.com, eparis@redhat.com,
	linux-fsdevel@vger.kernel.org, akpm@linux-foundation.org,
	viro@zeniv.linux.org.uk
Subject: Re: [Patch 1/2] selinux: ajust rules for ATTR_FORCE
Date: Tue, 18 Aug 2009 04:46:25 +0900
Message-ID: <873a7q441a.fsf@devron.myhome.or.jp>
In-Reply-To: <1250536052.3629.154.camel@moss-pluto.epoch.ncsc.mil> (Stephen Smalley's message of "Mon, 17 Aug 2009 15:07:32 -0400")

Stephen Smalley <sds@tycho.nsa.gov> writes:

>> [I'm still not sure what selinux wants to do. Normally inode_permission()
>> should check truncate() permission, and this FILE__SIZE checks something
>> again...? And we want to check FILE__WRITE for ATTR_[AMC]TIME?]
>
> Explicit setting of mode, owner, group, or timestamps is to be checked
> by the setattr permission, while implicit setting of timestamps or size
> is mediated by the write permission.

E.g. a mode change has an implicit ATTR_CTIME change. So does that mean we
should check both FILE__SETATTR and FILE__WRITE?

> ATTR_FORCE is supposed to suppress permission checking altogether, and
> shouldn't be mixed with multiple attribute changes if some should be
> subject to permission checks while others should not.

I disagree. In fact, ATTR_FORCE is just used for ATTR_KILL_S[UG]ID, and
notify_change() disallows mixing ATTR_MODE and ATTR_KILL_*. I
think it should be enough.

If ATTR_FORCE is confusing, I think we can just add a new ATTR_FORCE_MODE
or ATTR_FORCE_KILL, and replace the current ATTR_FORCE with it. I'm ok either
way.  But, with this change, ATTR_FORCE has no users.

Thanks.
-- 
OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>
