Re: [PATCH] split security_key_alloc into two functions

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, 2006-03-28 at 07:53 -0600, Serge E. Hallyn wrote:
> Quoting Stephen Smalley ([email protected]):
> > Are you sure that the key cannot be accessed (looked up) by another
> > process as soon as it is assigned a serial number?  If it can be, then
> > you risk having it accessed before its security structure is set up.
> 
> Ah, that makes sense, and even rings a bell.
> 
> So if we were to add a post_alloc() hook, it should likely go into
> key_alloc_serial() under the key_serial_lock?
> 
> Still assuming that storing the serial number is desirable...

I'm not sure how/why SELinux would want that information, as we would
just be labeling the key based on its creator (possibly via a transition
computation to allow derived types), and then later possibly support
explicit labeling by security-aware applications as permitted by policy.
Serial number wouldn't be used for access control, and audit is being
handled separately these days (e.g. one might introduce audit hooks to
collect the serial number at the right points for later inclusion in
audit records emitted at syscall exit).

-- 
Stephen Smalley
National Security Agency

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux