[PATCH 4/5] selinux: Enhance selinux to always ignore private inodes.

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

From: Eric W. Biederman

Subject: [PATCH 4/5] selinux: Enhance selinux to always ignore private inodes.

Date: Thursday, February 8, 2007 - 4:02 pm

From: Stephen Smalley <sds@tycho.nsa.gov>

Hmmm...turns out to not be quite enough, as the /proc/sys inodes aren't
truly private to the fs, so we can run into them in a variety of
security hooks beyond just the inode hooks, such as
security_file_permission (when reading and writing them via the vfs
helpers), security_sb_mount (when mounting other filesystems on
directories in proc like binfmt_misc), and deeper within the security
module itself (as in flush_unauthorized_files upon inheritance across
execve).  So I think we have to add an IS_PRIVATE() guard within
SELinux, as below.  Note however that the use of the private flag here
could be confusing, as these inodes are _not_ private to the fs, are
exposed to userspace, and security modules must implement the sysctl
hook to get any access control over them.

Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>

---
 security/selinux/hooks.c |    3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index de16b9f..ff9fccc 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1077,6 +1077,9 @@ static int inode_has_perm(struct task_struct *tsk,
 	struct inode_security_struct *isec;
 	struct avc_audit_data ad;
 
+	if (unlikely (IS_PRIVATE (inode)))
+		return 0;
+
 	tsec = tsk->security;
 	isec = inode->i_security;
 
-- 

-
unsubscribe noticeTo unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

[PATCH] sysctl selinux: Don't look at table->de, Eric W. Biederman, (Sun Jan 28, 12:21 pm)

Re: [PATCH] sysctl selinux: Don't look at table->de, Stephen Smalley, (Mon Jan 29, 6:04 am)

Re: [PATCH] sysctl selinux: Don't look at table->de, James Morris, (Mon Jan 29, 8:23 am)

Re: [PATCH] sysctl selinux: Don't look at table->de, Eric W. Biederman, (Mon Jan 29, 10:43 am)

Re: [PATCH] sysctl selinux: Don't look at table->de, Eric W. Biederman, (Mon Jan 29, 10:55 am)

Re: [PATCH] sysctl selinux: Don't look at table->de, Stephen Smalley, (Mon Jan 29, 11:43 am)

Re: [PATCH] sysctl selinux: Don't look at table->de, Casey Schaufler, (Mon Jan 29, 12:08 pm)

Re: [PATCH] sysctl selinux: Don't look at table->de, Eric W. Biederman, (Mon Jan 29, 12:16 pm)

Re: [PATCH] sysctl selinux: Don't look at table->de, Stephen Smalley, (Mon Jan 29, 12:26 pm)

Re: [PATCH] sysctl selinux: Don't look at table->de, Stephen Smalley, (Mon Jan 29, 1:07 pm)

Re: [PATCH] sysctl selinux: Don't look at table->de, Russell Coker, (Mon Jan 29, 4:28 pm)

Re: [PATCH] sysctl selinux: Don't look at table->de, Christoph Hellwig, (Tue Jan 30, 3:25 am)

Re: [PATCH] sysctl selinux: Don't look at table->de, Casey Schaufler, (Tue Jan 30, 10:19 am)

[PATCH 1/2] sysctl: Add a parent entry to ctl_table and se ..., Eric W. Biederman, (Tue Feb 6, 2:16 pm)

[PATCH 2/2] sysctl: Restore the selinux path based label l ..., Eric W. Biederman, (Tue Feb 6, 2:21 pm)

Re: [PATCH 2/2] sysctl: Restore the selinux path based lab ..., Stephen Smalley, (Wed Feb 7, 11:24 am)

Re: [PATCH 2/2] sysctl: Restore the selinux path based lab ..., Stephen Smalley, (Wed Feb 7, 2:12 pm)

Re: [PATCH 2/2] sysctl: Restore the selinux path based lab ..., Stephen Smalley, (Wed Feb 7, 2:54 pm)

Re: [PATCH 2/2] sysctl: Restore the selinux path based lab ..., Eric W. Biederman, (Wed Feb 7, 3:21 pm)

Re: [PATCH 2/2] sysctl: Restore the selinux path based lab ..., Eric W. Biederman, (Wed Feb 7, 6:57 pm)

Re: [PATCH 2/2] sysctl: Restore the selinux path based lab ..., Stephen Smalley, (Thu Feb 8, 8:01 am)

Re: [PATCH 2/2] sysctl: Restore the selinux path based lab ..., Stephen Smalley, (Thu Feb 8, 8:07 am)

Re: [PATCH 2/2] sysctl: Restore the selinux path based lab ..., Eric W. Biederman, (Thu Feb 8, 10:53 am)

Re: [PATCH 2/2] sysctl: Restore the selinux path based lab ..., Stephen Smalley, (Thu Feb 8, 11:13 am)

Re: [PATCH 2/2] sysctl: Restore the selinux path based lab ..., Eric W. Biederman, (Thu Feb 8, 3:17 pm)

[PATCH 0/5] sysctl cleanup selinux fixes, Eric W. Biederman, (Thu Feb 8, 3:51 pm)

[PATCH 1/5] sysctl: Remove declaration of nonexistent sys ..., Eric W. Biederman, (Thu Feb 8, 3:53 pm)

[PATCH 2/5] sysctl: Set the parent field in the root sysct ..., Eric W. Biederman, (Thu Feb 8, 3:54 pm)

[PATCH 3/5] sysctl: Fix the selinux_sysctl_get_sid, Eric W. Biederman, (Thu Feb 8, 3:55 pm)

[PATCH 4/5] selinux: Enhance selinux to always ignore priv ..., Eric W. Biederman, (Thu Feb 8, 4:02 pm)

[PATCH 5/5] sysctl: Hide the sysctl proc inodes from selinux., Eric W. Biederman, (Thu Feb 8, 4:04 pm)

Re: [PATCH 0/5] sysctl cleanup selinux fixes, Andrew Morton, (Fri Feb 9, 4:05 am)

Re: [PATCH 3/5] sysctl: Fix the selinux_sysctl_get_sid, Stephen Smalley, (Fri Feb 9, 5:24 am)

Re: [PATCH 4/5] selinux: Enhance selinux to always ignore ..., Stephen Smalley, (Fri Feb 9, 5:26 am)

Re: [PATCH 0/5] sysctl cleanup selinux fixes, Eric W. Biederman, (Fri Feb 9, 11:09 am)


linux-kernel:
Michael Trimarchi	Re: [PATCH] VFS: make file->f_pos access atomic on 32bit arch
Miklos Szeredi	[patch 14/15] vfs: more path_permission() conversions
Serge E. Hallyn	Re: [RFC v5][PATCH 7/8] Infrastructure for shared objects
Bernd Schmidt	Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
Takashi Iwai	[PATCH 2/2] input: Add LED support to Synaptics device
git:
Junio C Hamano	Re: mingw, windows, crlf/lf, and git
Eyvind Bernhardsen	Re: Where has "git ls-remote" reference pattern matching gone?
Shawn O. Pearce	Re: Switching from CVS to GIT
Todd Zullinger	Re: [PATCH 2/2] send-email: rfc2047-quote subject lines with non-ascii characters
Santi Béjar	Re: How to use git-fmt-merge-msg?
linux-netdev:
Ramkrishna Vepa	[net-2.6 PATCH 1/10] Neterion: New driver: Driver help file
Mark Anthony	invitation / inquiry
Ingo Molnar	Re: [PATCH 08/16] dma-debug: add core checking functions
David Miller	Re: [PATCH 1/3] f_phonet: dev_kfree_skb instead of dev_kfree_skb_any in TX callback
Sascha Hauer	[PATCH 03/12] fec: do not typedef struct types
git-commits-head:
Linux Kernel Mailing List	amba: struct device - replace bus_id with dev_name(), dev_set_name()
Linux Kernel Mailing List	MIPS: Yosemite: Convert SMP startup lock to arch spinlock.
Linux Kernel Mailing List	ARM: S5PC100: IRQ and timer
Linux Kernel Mailing List	davinci: edma: clear interrupt status for interrupt enabled channels only
Linux Kernel Mailing List	x86, mm, kprobes: fault.c, simplify notify_page_fault()
openbsd-misc:
Daniel A. Ramaley	Re: [semi-OT] Can anyone recommend an OpenBSD-compatible colour laser printer?
Matthias Kilian	Re: can't get vesa @ 1280x800 or nv
Tobias Ulmer	Re: Problem after upgrade 4.5 to 4.6: ERR M
Philip Guenther	Re: SIGCHLD and libpthread.so
J.C. Roberts	Re: [semi-OT] Can anyone recommend an OpenBSD-compatible colour laser printer?