Re: Security issues with local filesystem caching

From: David Howells
Date: Wed Oct 25 2006 - 13:22:43 EST

Next message: Luming Yu: "Re: [PATCH 2.6.18-mm2] acpi: add backlight support to the sony_acpi driver"
Previous message: Jason Gunthorpe: "Re: [openib-general] Ordering between PCI config space writes and MMIO reads?"
In reply to: Jeff V. Merkey: "Re: Security issues with local filesystem caching"
Next in thread: Jeff V. Merkey: "Re: Security issues with local filesystem caching"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Jeff V. Merkey <jmerkey@xxxxxxxxxxxxxxxxxxxxx> wrote:

> SELinux support addresses all of these issues for B1 level security quite
> well with mandatory access controls at the fs layers. In fact, it works so
> well, when enabled you cannot even run apache on top of an FS unless
> configured properly.

How? The problem I've got is that the caching code would be creating and
accessing files and directories with the wrong security context - that of the
calling process - and not a context suitable for sharing things in the cache
whilst protecting them from userspace as best we can.

David
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Luming Yu: "Re: [PATCH 2.6.18-mm2] acpi: add backlight support to the sony_acpi driver"
Previous message: Jason Gunthorpe: "Re: [openib-general] Ordering between PCI config space writes and MMIO reads?"
In reply to: Jeff V. Merkey: "Re: Security issues with local filesystem caching"
Next in thread: Jeff V. Merkey: "Re: Security issues with local filesystem caching"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]