On Sat, 10 Nov 2007, Andi Kleen wrote:
Crispin Cowan <[email protected]> writes:
The document should be a good base for a merge.
* A confined process can operate on a file descriptor passed to it
by an unconfined process, even if it manipulates a file not in the
confined process's profile. To block this attack, confine the
process that passed the file descriptor.
That is the only thing that tripped me up a bit while reading the document.
Can you expand a bit on the reasons why the fd is not rechecked in
the context of the target process? Best do it in a new version of the
document.
from prior discussions I understand that the problem is that it's not easy
(or nessasarily possible) to figure out the path to the fd, so what do you
check?
if the file has been removed there _is_ no path to the fd.
with hard links there could be many paths to the fd, the only way to find
them would be to search the entire filesystem.
as a result App Armor has decided not to try and address this, but is
documenting it as a limitation.
David Lang
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
