Re: compute_creds fixup in -mm

From: Stephen Smalley
Date: Wed Apr 21 2004 - 15:12:06 EST

Next message: James Simmons: "Re: Change number of tty devices"
Previous message: Sam Ravnborg: "Re: [PATCH] s390 (7/9): oprofile for s390."
In reply to: Andy Lutomirski: "Re: compute_creds fixup in -mm"
Next in thread: Chris Wright: "Re: compute_creds fixup in -mm"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 2004-04-21 at 15:37, Andy Lutomirski wrote:
> I was worried about sid changing but uid and caps staying the same if
> a ptrace_detach or _exit happens between the cap_bprm_apply_creds call
> and the rest of selinux_bprm_apply_creds. Remember the sendmail bug --
> program failure due to lack of capabilities can cause privilege leaks
> (in this case selinux sid leaks).

That particular issue shouldn't be a problem, as SELinux security
transitions aren't controlled by Linux capabilities and SELinux
specifically controls code execution (both entry into a domain and
ability to execute anything else without changing domains). However, I
do agree that it could yield an unexpected failure in the program that
would be harmful, so I'm in favor of checking the state only once.

--
Stephen Smalley <sds@xxxxxxxxxxxxxx>
National Security Agency

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: James Simmons: "Re: Change number of tty devices"
Previous message: Sam Ravnborg: "Re: [PATCH] s390 (7/9): oprofile for s390."
In reply to: Andy Lutomirski: "Re: compute_creds fixup in -mm"
Next in thread: Chris Wright: "Re: compute_creds fixup in -mm"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]