Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


On Apr 18, 2006, at 21:48:56, Casey Schaufler wrote:
--- James Morris <[email protected]> wrote:
With pathnames, there is an unbounded and unknown number of effective security policies on the system, as there are an unbounded and unknown number of ways of viewing the files via pathnames.

I agree that for traditional DAC and MAC (including the flavors supported by SELinux) inodes is the only way to go. SELinux is a traditional Trusted OS architecture and addresses the traditional Trusted OS issues.

Perhaps the SELinux model should be extended to handle (dir-inode, path-entry) pairs. For example, if I want to protect the /etc/shadow file regardless of what tool is used to safely modify it, I would set up security as follows:

o Protect the "/" and "/etc" directory inodes as usual under SELinux (with attributes on directory inodes). o Create pairs with (etc_inode,"shadow") and (etc_inode,"gshadow") and apply security attributes to those potentially nonexistent pairs.

I'm not terribly familiar with the exact internal semantics of SELinux, but that should provide a 90% solution (it fixes bind mounts and namespaces). The remaining 2 issues are hardlinks and fd- passing. For hardlinks you don't care about other links to that data, you're concerned with protecting a particular filesystem location, not particular contents, so you just need to prevent _new_ hardlinks to a protected (dir_inode, path_elem) pair, which doesn't seem very hard. For fd-passing, I don't know what to do. Perhaps nothing.

Anyways, just a few ideas for consideration

Kyle Moffett

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at
Please read the FAQ at

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux