From: Evgeniy Polyakov <johnpol@2ka.mipt.ru>
To: Toshiharu Harada <haradats@gmail.com>
Cc: Miklos Szeredi <miklos@szeredi.hu>,
hch@infradead.org, linux-security-module@vger.kernel.org,
linux-fsdevel@vger.kernel.org, jmorris@namei.org,
sds@tycho.nsa.gov, eparis@redhat.com, casey@schaufler-ca.com,
agruen@suse.de, jjohansen@suse.de,
penguin-kernel@i-love.sakura.ne.jp, viro@zeniv.linux.org.uk,
linux-kernel@vger.kernel.org
Subject: Re: [patch 01/15] security: pass path to inode_create
Date: Mon, 2 Jun 2008 19:51:52 +0400 [thread overview]
Message-ID: <20080602155152.GA18257@2ka.mipt.ru> (raw)
In-Reply-To: <9d732d950806020831h1b8aeabag9cb6db8e16bac971@mail.gmail.com>
On Tue, Jun 03, 2008 at 12:31:14AM +0900, Toshiharu Harada (haradats@gmail.com) wrote:
> > This is a really interesting flame, can you proceed,
> > we will run for cola and peanuts :)
>
> Let me quote a message by Chris Wright from LSM ml:
> "You cannot discover the path used to access an inode without knowing
> both the dentry and the vfsmount objects. "
Depending on what path you really want. If you want it related to bind
mount, you can (trivially). And even full path with vfsmount with
additional work.
Without any single additional patch on top of security system.
It maybe a bit slower, more complex, duplicate, whatever...
Active security was never a fast solution and was never a compromiss
between those who like it and who do not.
Technically you can be inside created limits and formally do not change
security model, but in practice implement you lovely path based security
checks.
> Another one by Stephen Smalley:
> "Pathname-based security considered harmful. You want to control access
> to an object, not a name, and the name-to-object mapping is neither
> one-to-one nor immutable."
For those who care exactly about path, they do not want to have security
checks for object, which was there. As addition, selinux
maintainer/architector opinion is a bit biassed :)
> Can you guess when they were posted?
> The answer is December 2003. :)
> Do we need more time? I don't think so.
Apparently we do :)
> I'm viewing Miklos' patches as *enhancements* not only for AppArmor (and
> other pathname-based LSM modules). Everyone can make use of
> information and lose nothing. Am I too simple minded?
What I wanted to say, is that people who do want to implement theirs
idea, will find a way to do it without breaking other approach.
With additional changes, with more complex approach, more code and
possibly some duplication/optimization/whatever.
So, if people continue to kick theirs head to the wall, they want
exactly that flame, that void talks and so on :)
--
Evgeniy Polyakov
next prev parent reply other threads:[~2008-06-02 15:51 UTC|newest]
Thread overview: 51+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-05-29 13:49 [patch 00/15] security: pass path instead of inode to security ops Miklos Szeredi
2008-05-29 13:49 ` [patch 01/15] security: pass path to inode_create Miklos Szeredi
2008-05-31 8:30 ` Christoph Hellwig
2008-05-31 10:48 ` Tetsuo Handa
2008-06-01 20:52 ` Miklos Szeredi
2008-06-02 6:01 ` Christoph Hellwig
2008-06-02 7:02 ` Miklos Szeredi
2008-06-02 9:13 ` Christoph Hellwig
2008-06-02 9:32 ` Miklos Szeredi
2008-06-02 9:36 ` Christoph Hellwig
2008-06-02 9:52 ` Miklos Szeredi
2008-06-02 10:42 ` Christoph Hellwig
2008-06-02 10:55 ` Miklos Szeredi
2008-06-02 11:04 ` Pekka Enberg
2008-06-02 11:13 ` Miklos Szeredi
2008-06-02 15:05 ` Evgeniy Polyakov
2008-06-02 15:31 ` Toshiharu Harada
2008-06-02 15:51 ` Evgeniy Polyakov [this message]
2008-06-02 16:29 ` Toshiharu Harada
2008-06-02 16:52 ` Evgeniy Polyakov
2008-06-02 23:37 ` Toshiharu Harada
2008-06-03 6:08 ` Miklos Szeredi
2008-06-02 18:59 ` Serge E. Hallyn
2008-06-02 10:04 ` Andreas Gruenbacher
2008-06-02 11:23 ` Matthew Wilcox
2008-06-02 11:34 ` Miklos Szeredi
2008-06-02 11:52 ` Miklos Szeredi
2008-06-02 12:32 ` Matthew Wilcox
2008-06-02 12:45 ` Andreas Gruenbacher
2008-06-02 12:49 ` Matthew Wilcox
2008-06-02 13:24 ` Andreas Gruenbacher
2008-06-14 8:27 ` Tetsuo Handa
2008-06-03 13:43 ` Stephen Smalley
2008-06-04 5:09 ` Tetsuo Handa
2008-05-29 13:49 ` [patch 02/15] security: pass path to inode_mknod Miklos Szeredi
2008-05-29 13:49 ` [patch 03/15] security: pass path to inode_mkdir Miklos Szeredi
2008-05-29 13:49 ` [patch 04/15] security: pass path to inode_rmdir Miklos Szeredi
2008-05-29 13:49 ` [patch 05/15] security: pass path to inode_unlink Miklos Szeredi
2008-05-29 13:49 ` [patch 06/15] security: pass path to inode_symlink Miklos Szeredi
2008-05-29 13:49 ` [patch 07/15] security: pass path to inode_link Miklos Szeredi
2008-05-29 13:49 ` [patch 08/15] security: pass path to inode_rename Miklos Szeredi
2008-05-29 13:49 ` [patch 09/15] security: pass path to inode_setattr Miklos Szeredi
2008-05-29 13:49 ` [patch 10/15] security: pass path to inode_getxattr Miklos Szeredi
2008-05-29 13:49 ` [patch 11/15] security: pass path to inode_listxattr Miklos Szeredi
2008-05-29 13:49 ` [patch 12/15] security: pass path to inode_setxattr Miklos Szeredi
2008-05-29 13:49 ` [patch 13/15] security: pass path to inode_removexattr Miklos Szeredi
2008-05-29 13:49 ` [patch 14/15] vfs: more path_permission() conversions Miklos Szeredi
2008-05-29 13:49 ` [patch 15/15] security: pass path to inode_permission Miklos Szeredi
2008-05-30 13:37 ` [patch 00/15] security: pass path instead of inode to security ops Tetsuo Handa
2008-05-30 17:17 ` Miklos Szeredi
2008-05-31 0:33 ` Tetsuo Handa
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20080602155152.GA18257@2ka.mipt.ru \
--to=johnpol@2ka.mipt.ru \
--cc=agruen@suse.de \
--cc=casey@schaufler-ca.com \
--cc=eparis@redhat.com \
--cc=haradats@gmail.com \
--cc=hch@infradead.org \
--cc=jjohansen@suse.de \
--cc=jmorris@namei.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=miklos@szeredi.hu \
--cc=penguin-kernel@i-love.sakura.ne.jp \
--cc=sds@tycho.nsa.gov \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).