Re: r-o bind in nfsd

view
thread

Score:

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

To: Tetsuo Handa <penguin-kernel@...>

Cc: <miklos@...>, <viro@...>, <haveblue@...>, <linux-fsdevel@...>, <linux-kernel@...>, <akpm@...>, <hch@...>, <linux-security-module@...>, <jmorris@...>

Subject: Re: r-o bind in nfsd

Date: Tuesday, March 25, 2008 - 6:32 pm

On Tue, March 25, 2008 10:45 pm, Tetsuo Handa wrote:
quoted text> Hello.
>
>> Maybe some enhancement to the 'intent' structure with a similar
>> effect could be done instead.
>>
>> Then you could, presumably, put a security hook somewhere in
>> link_path_walk for those modules (like AppArmor) which want to do
>> checks based on the namespace.
>
> I think link_path_walk() is not a good place to insert new LSM hooks
> for pathname based access control (AppArmor and TOMOYO) purpose because
>
>   (1) The kernel don't know what operation (open/create/truncate etc.)
> will be
>       done at the moment of link_path_walk().

Though the 'indent' data structure could be used to carry this information.

quoted text>
>   (2) Not all operations call link_path_walk() before these operations
>       are done. For example, ftruncate() doesn't call link_path_walk().

But do you want to impose path-name based controls to ftruncate?
Surely once you have a file open for write (not O_APPEND), then no
other permission is required to truncate the file, is it?
If it is, then maybe the 'struct file' should be tagged at open time
to say whether 'truncate' is allowed.

quoted text>
>   (3) The rename() and link() operations handle two pathnames.
>       But, it is not possible to know both pathnames at the moment of
>       link_path_walk().

Not an insolvable problem.
One could imagine an implementation where a TYPE_RENAME_FROM security
check produced a cookie that was consumed by a TYPE_RENAME_TO security
check.  The cookie could then be used by the security module to
make any connection between the two names that might be appropriate.

quoted text>
> I think we need to introduce new LSM hooks outside link_path_walk().
> http://kerneltrap.org/mailarchive/linux-fsdevel/2008/2/17/882024
>
<rant>
I suspect we would be much better off removing all the security hooks.
Security done at that level seems to be way too complex such that most
people don't really understand it.  And people who don't understand
security don't use it.
We'd be much better off getting rid of the whole "micro-manage security"
concept and provide isolation via some sort of high level container
approach.
</rant>

NeilBrown

--
unsubscribe noticeTo unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

Re: r-o bind in nfsd, Neil Brown, (Mon Mar 24, 10:52 pm)

Re: r-o bind in nfsd, Tetsuo Handa, (Tue Mar 25, 7:45 am)

Re: r-o bind in nfsd, NeilBrown, (Tue Mar 25, 6:32 pm)

Re: r-o bind in nfsd, Stephen Smalley, (Wed Mar 26, 8:04 am)

Re: r-o bind in nfsd, Serge E. Hallyn, (Wed Mar 26, 12:47 pm)

Re: r-o bind in nfsd, James Morris, (Wed Mar 26, 5:35 pm)

Re: r-o bind in nfsd, Serge E. Hallyn, (Wed Mar 26, 8:29 pm)

Navigation

Mail archive search

Popular discussions


linux-kernel:
David Miller	Slow DOWN, please!!!
KAMEZAWA Hiroyuki	Re: 2.6.22-rc1-mm1
Steven Rostedt	[RFC PATCH 1/3] Unified trace buffer
Steven Rostedt	[RFC PATCH 0/6] Convert all tasklets to workqueues
git:
Peter Klavins	Re: CRLF problems with Git on Win32
J. Bruce Fields	Re: Git User's Survey 2007 unfinished summary continued
Linus Torvalds	Re: VCS comparison table
Junichi Uekawa	Re: [ANNOUNCE] GIT 1.5.4
linux-netdev:
Arjan van de Ven	Re: [GIT]: Networking
Rémi	[PATCH 0/6] [RFC] Phonet pipes protocol (v2)
Jarek Poplawski	Re: [PATCH] pkt_sched: Destroy gen estimators under rtnl_lock().
Jozsef Kadlecsik	Re: TCP connection stalls under 2.6.24.7
openbsd-misc:
Richard Stallman	Real men don't attack straw men
Rogier Krieger	Re: bcw(4) is gone
Leon Dippenaar	New tcp stack attack
Brandon Lee	DELL PERC 5iR slow performance

Latest forum posts


high memory	5 hours ago	Linux kernel
semaphore access speed	8 hours ago	Applications and Utilities
the kernel how to power off the machine	9 hours ago	Linux kernel
Easter Eggs in windows XP	12 hours ago	Windows
Shared swap partition	13 hours ago	Linux general
Root password	13 hours ago	Linux general
Where/when DNOTIFY is used?	15 hours ago	Linux kernel
How to convert Linux Kernel built-in module into a loadable module	17 hours ago	Linux kernel
Linux 2.6.24 and I/O schedulers	18 hours ago	Linux kernel
USB Driver -- Interrupt Polling -- A Little Help Please	23 hours ago	Linux general

Show all forums...

Recent Tags

bugs Linux 2.6.27 Intel Linus Torvalds 2.6.27-rc8 quote -rc8 -rc

more tags

Colocation donated by:

Online users

Syndicate