public inbox for linux-kernel@vger.kernel.org
From: Alan Cox <alan@lxorguk.ukuu.org.uk>
To: Stephen Smalley <sds@tycho.nsa.gov>
Cc: Eric Paris <eparis@redhat.com>, Al Viro <viro@ftp.linux.org.uk>,
	James Morris <jmorris@namei.org>,
	linux-kernel@vger.kernel.org, davem@redhat.com, jack@suse.cz,
	dwmw2@infradead.org, tony.luck@intel.com, jdike@karaya.com,
	James.Bottomley@HansenPartnership.com
Subject: Re: How to lock current->signal->tty
Date: Tue, 08 Aug 2006 19:10:11 +0100
Message-ID: <1155060611.5729.112.camel@localhost.localdomain>
In-Reply-To: <1155059046.1123.120.camel@moss-spartans.epoch.ncsc.mil>

On Tue, 2006-08-08 at 13:44 -0400, Stephen Smalley wrote:
> SELinux is just revalidating access to the tty when the task changes
> contexts upon execve, and resetting the tty if the task is no longer
> allowed to use it.  Likewise with the open file descriptors that would
> be inherited.  No clearing of the ttys of other tasks required as far as
> SELinux is concerned, although that might not fit with normal semantics.

The kernel requires you end up with a session leader etc so an exec that
loses rights by the session leader does indeed match disassociate_ctty I
guess. The ctty is a bit of an odd thing in the Unix world and perhaps
something that shouldn't have happened in that it gives you the ability to
do things even if you have no fd to it.

Alan
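
Added example, not part of the original message or of any kernel code: a userspace C sketch of the point above, that the controlling tty stays reachable by name through /dev/tty after the process has closed its descriptors, and stops being reachable once the process leaves the session. The helper names can_open_ctty and probe_ctty_in_child are hypothetical; the result of the first probe depends on whether the program is started from a terminal.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Try to reach the controlling terminal by name. Returns 1 if /dev/tty
 * opens, 0 if it does not (no ctty: open fails, typically with ENXIO). */
static int can_open_ctty(void)
{
    int fd = open("/dev/tty", O_RDWR | O_NOCTTY);
    if (fd < 0)
        return 0;
    close(fd);
    return 1;
}

/* Fork a child that closes fds 0, 1 and 2 (the usual tty descriptors),
 * optionally calls setsid() to leave the session, then probes /dev/tty.
 * Returns the child's probe result (0 or 1), or -1 on error. */
int probe_ctty_in_child(int detach_session)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        close(0); close(1); close(2);
        /* A new session starts with no controlling terminal. */
        if (detach_session && setsid() < 0)
            _exit(2);
        _exit(can_open_ctty());
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    int rc = WEXITSTATUS(status);
    return rc == 2 ? -1 : rc;
}

int main(void)
{
    /* 1 when run from a terminal: the ctty is reachable with no fd to it. */
    printf("fds closed, same session: %d\n", probe_ctty_in_child(0));
    /* 0: after setsid() the process has no ctty to reach. */
    printf("fds closed, after setsid(): %d\n", probe_ctty_in_child(1));
    return 0;
}
```

Closing or revalidating inherited descriptors alone does not remove this access, which is why the tty association itself has to be reset as well.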

