From: "Ryan Ware" <ware@linux.intel.com>
To: "'Stephen Smalley'" <sds@tycho.nsa.gov>,
"Sakkinen, Jarkko" <jarkko.sakkinen@intel.com>
Cc: "'Casey Schaufler'" <casey@schaufler-ca.com>,
<linux-kernel@vger.kernel.org>,
<linux-security-module@vger.kernel.org>
Subject: RE: [PATCH] Smack: Use secureexec with SMACK64EXEC
Date: Thu, 22 Sep 2011 12:33:40 +0900 [thread overview]
Message-ID: <014c01cc78d8$6e62a790$4b27f6b0$@linux.intel.com> (raw)
In-Reply-To: <1316625330.25495.66.camel@moss-pluto>
> -----Original Message-----
>
>
> bprm->unsafe isn't private to your security module, unlike e.g.
> bprm->cred->security. And it isn't intended to indicate that a
> secureexec is being performed, but instead as an indicator that a
> credential-changing exec may be unsafe. Which you presently ignore.
> Defining and setting a new flag in it will have interesting side effects,
> e.g. consider cap_bprm_secureexec, not to mention being a layering
> violation and a source of future conflicts.
>
> Why can't your bprm_secureexec hook just test isp->smk_task directly?
> It can reach it from the bprm. Or if you don't like testing it twice,
> then you could always add a flag to your struct referenced by
> bprm->cred->security, i.e. the smack_task struct.
>
> BTW, there is a lot more to do if you want SMACK64EXEC to be safe.
Thanks for the feedback Stephen. Could you be more detailed on what else you feel needs to be in place to make SMACK64EXEC safe?
Ryan
next prev parent reply other threads:[~2011-09-22 3:33 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-09-20 12:37 [PATCH] Smack: Use secureexec with SMACK64EXEC Jarkko Sakkinen
2011-09-21 17:15 ` Stephen Smalley
2011-09-22 3:33 ` Ryan Ware [this message]
2011-09-22 7:25 ` Sakkinen, Jarkko
2011-09-22 13:28 ` Stephen Smalley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='014c01cc78d8$6e62a790$4b27f6b0$@linux.intel.com' \
--to=ware@linux.intel.com \
--cc=casey@schaufler-ca.com \
--cc=jarkko.sakkinen@intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=sds@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox