Re: [TOMOYO #9 (2.6.27-rc7-mm1) 1/6] LSM adapter functions.

view
thread

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

From: Casey Schaufler

Subject: Re: [TOMOYO #9 (2.6.27-rc7-mm1) 1/6] LSM adapter functions.

Date: Tuesday, September 30, 2008 - 7:33 pm

Serge E. Hallyn wrote:
quoted text> Quoting Kentaro Takeda (takedakn@nttdata.co.jp):
>   
>> Serge E. Hallyn wrote:
>>     
>>> Unfortunately I think that is a shortcoming in the security_path_*
>>> patchset.  Unfortunate bc that is going to be a pain to work out.
>>>       
>> Thanks for your constructive and tough suggestion. ;-)
>>
>>     
>>> So for starters,
>>> both vfs_mknod and vfs_create do may_create, so just pull that
>>> into the callers.
>>>       
>> Do you mean that we should move DAC code to all the caller of vfs_* ? 
>>     
>
> That's not reasonable, is it.
>
> The rule thus far has been 'DAC before MAC'.  Question to all:  do we
> insist on keeping it that way?
>
> If the answer is yes, then the security_path_hooks patch is inherently
> wrong.
>
> If the answer is no, then Kentaro doesn't need to resort to this
> ugliness to try and get may_delete() called before his MAC code, only to
> have may_delete() called a second time from the vfs_* functions.
>
> -serge
>
>   

I have always believed that MAC should come first, then DAC, because
MAC may care if you can see the mode bits. The current DAC before MAC
is an artifact of the desire for the LSM to behave cleanly as a
strictly additional mechanism. From an ideal security perspective
MAC should be first, but the pragmatic DAC first isn't going to cause
too much grief. If Tomoyo wants to do what I think is the right thing,
well, it's OK with me.



--
unsubscribe noticeTo unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

[TOMOYO #9 (2.6.27-rc7-mm1) 1/6] LSM adapter functions., Kentaro Takeda, (Wed Sep 24, 2:03 am)

Re: [TOMOYO #9 (2.6.27-rc7-mm1) 1/6] LSM adapter functions., Serge E. Hallyn, (Thu Sep 25, 9:59 am)

Re: [TOMOYO #9 (2.6.27-rc7-mm1) 1/6] LSM adapter functions., Kentaro Takeda, (Thu Sep 25, 10:38 pm)

Re: [TOMOYO #9 (2.6.27-rc7-mm1) 1/6] LSM adapter functions., Serge E. Hallyn, (Fri Sep 26, 6:04 am)

Re: [TOMOYO #9 (2.6.27-rc7-mm1) 1/6] LSM adapter functions., Kentaro Takeda, (Sun Sep 28, 9:04 pm)

Re: [TOMOYO #9 (2.6.27-rc7-mm1) 1/6] LSM adapter functions., Serge E. Hallyn, (Tue Sep 30, 8:45 am)

Re: [TOMOYO #9 (2.6.27-rc7-mm1) 1/6] LSM adapter functions., Stephen Smalley, (Tue Sep 30, 9:14 am)

Re: [TOMOYO #9 (2.6.27-rc7-mm1) 1/6] LSM adapter functions., Serge E. Hallyn, (Tue Sep 30, 9:23 am)

Re: [TOMOYO #9 (2.6.27-rc7-mm1) 1/6] LSM adapter functions., Casey Schaufler, (Tue Sep 30, 7:33 pm)

Re: [TOMOYO #9 (2.6.27-rc7-mm1) 1/6] LSM adapter functions., Valdis.Kletnieks, (Tue Sep 30, 10:05 pm)

Re: [TOMOYO #9 (2.6.27-rc7-mm1) 1/6] LSM adapter functions., Kentaro Takeda, (Wed Oct 1, 1:19 am)

Re: [TOMOYO #9 (2.6.27-rc7-mm1) 1/6] LSM adapter functions., Kentaro Takeda, (Wed Oct 1, 1:23 am)

Re: [TOMOYO #9 (2.6.27-rc7-mm1) 1/6] LSM adapter functions., Serge E. Hallyn, (Wed Oct 1, 2:15 pm)

Re: [TOMOYO #9 (2.6.27-rc7-mm1) 1/6] LSM adapter functions., Kentaro Takeda, (Wed Oct 1, 10:04 pm)

Re: [TOMOYO #9 (2.6.27-rc7-mm1) 1/6] LSM adapter functions., Serge E. Hallyn, (Thu Oct 2, 6:39 am)

Re: [TOMOYO #9 (2.6.27-rc7-mm1) 1/6] LSM adapter functions., Kentaro Takeda, (Thu Oct 2, 11:37 pm)

Re: [TOMOYO #9 (2.6.27-rc7-mm1) 1/6] LSM adapter functions., Serge E. Hallyn, (Fri Oct 3, 6:09 am)

Re: [TOMOYO #9 (2.6.27-rc7-mm1) 1/6] LSM adapter functions., Kentaro Takeda, (Sun Oct 5, 7:19 pm)

Re: [TOMOYO #9 (2.6.27-rc7-mm1) 1/6] LSM adapter functions., Serge E. Hallyn, (Mon Oct 6, 9:54 am)

Re: [TOMOYO #9 (2.6.27-rc7-mm1) 1/6] LSM adapter functions., Kentaro Takeda, (Mon Oct 6, 11:28 pm)

Navigation

Popular discussions


linux-kernel:
FUJITA Tomonori	Re: [Scst-devel] Integration of SCST in the mainstream Linux kernel
Rafael J. Wysocki	[Bug #11287] Regression in 2.6.27-rc2 in acpi_processor_init()
Ingo Molnar	Re: [GIT PULL] time.c - respin
Ingo Molnar	Re: [PATCH] x86: silence section mismatch warning - uv_cpu_init
Alexander van Heukelum	Re: [PATCH] bitops: simplify generic bit finding functions
git:
Mark Junker	git on MacOSX and files with decomposed utf-8 file names
Junio C Hamano	Re: git-svnimport
Junio C Hamano	Re: [PATCH] Detached HEAD (experimental)
Johannes Schindelin	Re: [PATCH] Fix approxidate("never") to always return 0
A Large Angry SCM	Re: [RFC] origin link for cherry-pick and revert
linux-netdev:
Arnaldo Carvalho de Melo	Re: [PATCH 06/37] dccp: Limit feature negotiation to connection setup phase
Gerrit Renker	[PATCH 1/5] dccp: Initialisation framework for feature negotiation
Daniel Lezcano	getsockopt(TCP_DEFER_ACCEPT) value change
David Miller	Re: 2.6.27.18: bnx2/tg3: BUG: "scheduling while atomic" trying to ifenslave a seco...
Gerrit Renker	[PATCH 37/37] dccp: Debugging functions for feature negotiation
git-commits-head:
Linux Kernel Mailing List	ath9k_htc: Allocate URBs properly
Linux Kernel Mailing List	timer: Try to survive timer callback preempt_count leak
Linux Kernel Mailing List	powerpc/kexec: Add support for FSL-BookE
Linux Kernel Mailing List	V4L/DVB (8976): af9015: Add USB ID for AVerMedia A309
Linux Kernel Mailing List	ARM: 5670/1: bcmring: add default configuration for bcmring arch
openbsd-misc:
Stephen J. Bevan	GRE over IPsec
Christophe Rioux	Implementation example of snmp
Nick Holland	Re: booting openbsd on eee without cd-rom
Cabillot Julien	Re: OpenBSD isakmpd and pf vs Cisco PIX or ASA
Guido Tschakert	Re: what exactly is enc0?

Colocation donated by:

Syndicate