From: Stephen Smalley <sds@tycho.nsa.gov>
To: Kay Sievers <kay.sievers@vrfy.org>
Cc: "David P. Quigley" <dpquigl@tycho.nsa.gov>,
Greg KH <greg@kroah.com>,
linux-kernel@vger.kernel.org, Greg KH <gregkh@suse.de>,
Jan Blunck <jblunck@suse.de>, James Morris <jmorris@namei.org>,
Eric Paris <eparis@parisplace.org>,
David Howells <dhowells@redhat.com>
Subject: Re: [patch 00/13] devtmpfs patches
Date: Wed, 13 May 2009 08:57:51 -0400
Message-ID: <1242219471.9974.18.camel@localhost.localdomain>
In-Reply-To: <ac3eb2510905130558s493d8c9m667348d183c97721@mail.gmail.com>

On Wed, 2009-05-13 at 14:58 +0200, Kay Sievers wrote:
> On Wed, May 13, 2009 at 14:22, Stephen Smalley <sds@tycho.nsa.gov> wrote:
>
> > I think you'll actually need to switch credentials around the entire
> > sequence starting from vfs_path_lookup() and going through the
> > vfs_mknod() call in order to avoid any denials from vfs_path_lookup,
> > vfs_mkdir (via create_path), and vfs_mknod.
> >
> > Then the same issue applies to devtmpfs_delete_node() to prevent unlink
> > denials against the current process when a node is removed, similarly
> > wrapping everything from the vfs_path_lookup() through the final
> > delete_path() call.
>
> Ok, good, will do that. Anything like this to keep in mind when
> creating/removing simple subdirectories?

Yes, any time you call any vfs helper (and thus are subject to the
permission checking calls, both DAC and LSM/SELinux), you need to decide
whether you truly want those permission checks to get applied against
the current process' credentials or whether you should be using
alternate credentials for the call. If on the other hand you can
perform your operations at a lower level (e.g. direct calls to the
underlying inode operations), then you don't have to be concerned with
the permission checking, but there is still the issue of ownership and
file security labeling for any new files/directories you create, so even
there you may need to establish different credentials to avoid
unwittingly creating those files with the uid/security context of
whatever the current process happens to be.
--
Stephen Smalley
National Security Agency
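
A user-space C model of the point made in the reply above, added here as an example; it is not code from the devtmpfs patch or from anyone in the thread. The structs, the `kernel_t`/`user_t` labels, uid 1000, the `vfs_create()`/`inode_create()` stand-ins and the simplified `override_creds()`/`revert_creds()` signatures are assumptions chosen for illustration.

```c
/* Userspace model (constructed): names mirror the kernel's, signatures are simplified. */
#include <string.h>

struct cred  { unsigned uid; const char *secctx; };
struct inode { const char *name; unsigned uid; const char *secctx; };
static const struct cred kernel_cred = { 0, "kernel_t" };   /* alternate credentials */
static const struct cred user_cred = { 1000, "user_t" };    /* process that hit the event */
static const struct cred *current_cred = &user_cred;
static struct inode nodes[8];
static int n_nodes;

/* Swap the active credentials; the return value goes to revert_creds(). */
static const struct cred *override_creds(const struct cred *new_cred)
{ const struct cred *old = current_cred; current_cred = new_cred; return old; }
static void revert_creds(const struct cred *old) { current_cred = old; }

/* Low-level create: no permission check, but owner and label still come
 * from whatever credentials are active at the time of the call. */
static struct inode *inode_create(const char *name)
{
    if (n_nodes == 8)
        return NULL;
    nodes[n_nodes] = (struct inode){ name, current_cred->uid, current_cred->secctx };
    return &nodes[n_nodes++];
}

/* VFS-helper stand-in: DAC and LSM checks run against the current credentials. */
static struct inode *vfs_create(const char *name)
{
    int ok = current_cred->uid == 0 && strcmp(current_cred->secctx, "kernel_t") == 0;
    return ok ? inode_create(name) : NULL;  /* NULL models a denial */
}

/* Override around the whole sequence: parent directory first, then the node. */
static struct inode *create_node_wrapped(const char *dir, const char *node)
{
    const struct cred *old = override_creds(&kernel_cred);
    struct inode *n = vfs_create(dir) ? vfs_create(node) : NULL;
    revert_creds(old);
    return n;
}

int main(void)
{
    struct inode *a = vfs_create("event0"), *b = inode_create("raw0");
    struct inode *c = create_node_wrapped("input", "event0");
    /* Exit 0 when: helper denied as caller, low-level node owned by caller, wrapped node owned by uid 0. */
    return !(a == NULL && b && b->uid == 1000 && c && c->uid == 0);
}
```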