Re: [RFC][PATCH 10/11] security: AppArmor - Add flags to d_path

On Mer, 2006-04-19 at 22:36 -0700, Tony Jones wrote:
> "system root".  When a task chroots relative to it's current namespace, we
> are interested in the path back to the root of that namespace, rather than
> to the chroot.  I believe the patch as stands achieves this, albeit with
> some changing of comments.

If the directory the task is in has been deleted then what is its path
relative to the namespace ? This isn't theoretical because if your
security profiles work on the basis of this path but do not prevent the
deletion of the current directory or some node above it (or doing
mkdir/chdir/rmdir sequences) an app may be able to subvert it by doing
this deliberately.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

References:
- [RFC][PATCH 0/11] security: AppArmor - Overview
  - From: Tony Jones <[email protected]>
- [RFC][PATCH 10/11] security: AppArmor - Add flags to d_path
  - From: Tony Jones <[email protected]>
- Re: [RFC][PATCH 10/11] security: AppArmor - Add flags to d_path
  - From: Christoph Hellwig <[email protected]>
- Re: [RFC][PATCH 10/11] security: AppArmor - Add flags to d_path
  - From: Tony Jones <[email protected]>

Prev by Date: Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)
Next by Date: Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)
Previous by thread: Re: [RFC][PATCH 10/11] security: AppArmor - Add flags to d_path
Next by thread: [RFC][PATCH 9/11] security: AppArmor - Audit changes
Index(es):
- Date
- Thread

[Index of Archives] [Kernel Newbies] [Netfilter] [Bugtraq] [Photo] [Stuff] [Gimp] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Video 4 Linux] [Linux for the blind] [Linux Resources]