From mboxrd@z Thu Jan  1 00:00:00 1970
From: "Toshiharu Harada" <haradats@gmail.com>
Subject: Re: [patch 01/15] security: pass path to inode_create
Date: Tue, 3 Jun 2008 00:31:14 +0900
Message-ID: <9d732d950806020831h1b8aeabag9cb6db8e16bac971@mail.gmail.com>
References: <20080531083052.GH24135@infradead.org>
	 <20080602060144.GA11564@infradead.org>
	 <E1K343a-0002dG-C9@pomaz-ex.szeredi.hu>
	 <20080602091341.GA8011@infradead.org>
	 <E1K36PE-0002wZ-0M@pomaz-ex.szeredi.hu>
	 <20080602093630.GA25254@infradead.org>
	 <E1K36ii-0002zj-Gn@pomaz-ex.szeredi.hu>
	 <20080602104203.GA21898@infradead.org>
	 <E1K37hN-00039y-5o@pomaz-ex.szeredi.hu>
	 <20080602150517.GB22400@2ka.mipt.ru>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: "Miklos Szeredi" <miklos@szeredi.hu>, hch@infradead.org,
	linux-security-module@vger.kernel.org,
	linux-fsdevel@vger.kernel.org, jmorris@namei.org,
	sds@tycho.nsa.gov, eparis@redhat.com, casey@schaufler-ca.com,
	agruen@suse.de, jjohansen@suse.de,
	penguin-kernel@i-love.sakura.ne.jp, viro@zeniv.linux.org.uk,
	linux-kernel@vger.kernel.org
To: "Evgeniy Polyakov" <johnpol@2ka.mipt.ru>
Return-path: <linux-fsdevel-owner@vger.kernel.org>
Received: from ti-out-0910.google.com ([209.85.142.186]:30435 "EHLO
	ti-out-0910.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1752181AbYFBPbS (ORCPT
	<rfc822;linux-fsdevel@vger.kernel.org>);
	Mon, 2 Jun 2008 11:31:18 -0400
Received: by ti-out-0910.google.com with SMTP id b6so333678tic.23
        for <linux-fsdevel@vger.kernel.org>; Mon, 02 Jun 2008 08:31:15 -0700 (PDT)
In-Reply-To: <20080602150517.GB22400@2ka.mipt.ru>
Content-Disposition: inline
Sender: linux-fsdevel-owner@vger.kernel.org
List-ID: <linux-fsdevel.vger.kernel.org>

2008/6/3 Evgeniy Polyakov <johnpol@2ka.mipt.ru>:
> On Mon, Jun 02, 2008 at 12:55:33PM +0200, Miklos Szeredi (miklos@szeredi.hu) wrote:
>> Oh, I've been told.  But valid technical reason given?  No.
>
> This is a really interesting flame, can you proceed,
> we will run for cola and peanuts :)

Let me quote a message by Chris Wright from LSM ml:
"You cannot discover the path used to access an inode without knowing
both the dentry and the vfsmount objects. "

Another one by Stephen Smalley:
"Pathname-based security considered harmful.  You want to control access
to an object, not a name, and the name-to-object mapping is neither
one-to-one nor immutable."

Can you guess when they were posted?
The answer is December 2003. :)
Do we need more time? I don't think so.

I'm viewing Miklos' patches as *enhancements* not only for AppArmor (and
other pathname-based LSM modules). Everyone can make use of
information and lose nothing.  Am I too simple minded?

> For the technical reason: in case of stackable/bind, which path should
> be checked? Whatever answer is, there will always be another party,
> which wants different behaviour.

-- 
Toshiharu Harada
haradats@gmail.com