Re: [RFC][PATCH 4/11] security: AppArmor - Core access controls

On Wed, 2006-04-19 at 10:49 -0700, Tony Jones wrote:
> +/**
> + * _aa_perm_dentry
> + * @active: profile to check against
> + * @dentry: requested dentry
> + * @mask: mask of requested operations
> + * @pname: pointer to hold matched pathname (if any)
> + *
> + * Helper function.  Obtain pathname for specified dentry. 

which namespace will this be in?

> Verify if profile
> + * authorizes mask operations on pathname (due to lack of vfsmnt it is sadly
> + * necessary to search mountpoints in namespace -- when nameidata is passed
> + * more fully, this code can go away).  If more than one mountpoint matches
> + * but none satisfy the profile, only the first pathname (mountpoint) is
> + * returned for subsequent logging.

that sounds too bad ;) 
If I manage to mount /etc/passwd as /tmp/passwd, you'll only find the
later and your entire security system seems to be down the drain.
> +/**
> + * aa_register - register a new program
> + * @filp: file of program being registered
> + *
> + * Try to register a new program during execve().  This should give the
> + * new program a valid subdomain.
> + */
> +int aa_register(struct file *filp)
> +{
> +	char *filename;
> +	struct subdomain *sd;
> +	struct aaprofile *active;
> +	struct aaprofile *newprofile = NULL, unconstrained_flag;
> +	int 	error = -ENOMEM,
> +		exec_mode = 0,
> +		find_profile = 0,
> +		find_profile_mandatory = 0,
> +		complain = 0;
> +
> +	AA_DEBUG("%s\n", __FUNCTION__);
> +
> +	sd = AA_SUBDOMAIN(current->security);
> +
> +	if (sd) {
> +		complain = SUBDOMAIN_COMPLAIN(sd);
> +	} else {
> +		/* task has no subdomain.  This can happen when a task is
> +		 * created when subdomain is not loaded.  Allocate and
> +		 * attach a subdomain to the task
> +		 */
> +		sd = alloc_subdomain(current);
> +		if (!sd) {
> +			AA_WARN("%s: Failed to allocate subdomain\n",
> +				__FUNCTION__);
> +			goto out;
> +		}
> +
> +		current->security = sd;
> +	}
> +
> +	filename = aa_get_name(filp->f_dentry, filp->f_vfsmnt);

what if filp->f_dentry is NULL ?
like when the file got unlinked under you?


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

---

• Follow-Ups:
  • Re: [RFC][PATCH 4/11] security: AppArmor - Core access controls
    • From: Tony Jones <[email protected]>
  • Re: [RFC][PATCH 4/11] security: AppArmor - Core access controls
    • From: Crispin Cowan <[email protected]>

• References:
  • [RFC][PATCH 0/11] security: AppArmor - Overview
    • From: Tony Jones <[email protected]>
  • [RFC][PATCH 4/11] security: AppArmor - Core access controls
    • From: Tony Jones <[email protected]>

• Prev by Date: Re: [patch 1/3] acpi: dock driver
• Next by Date: Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)
• Previous by thread: [RFC][PATCH 4/11] security: AppArmor - Core access controls
• Next by thread: Re: [RFC][PATCH 4/11] security: AppArmor - Core access controls
• Index(es):
  • Date
  • Thread

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]