Re: 2.6.6-rc3: modular DVB tda1004x broken

From: Stephen Smalley
Date: Tue May 04 2004 - 07:22:14 EST


On Mon, 2004-05-03 at 17:54, viro@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
wrote:
> f) potentially racy flush_unauthorized_files() in selinux code - uses
> sys_close() in a strange way.

The SELinux flush_unauthorized_files code is based on flush_old_files in
fs/exec.c. It is only executed upon a SID/context transition to flush
files that are not authorized for the new SID/context, and sharing of
the open file table across such transitions requires a share permission
that is only allowed where absolutely necessary, e.g. kernel->init. Do
we need to change the code?

--
Stephen Smalley <sds@xxxxxxxxxxxxxx>
National Security Agency
