Ar Iau, 2006-08-24 am 08:32 -0500, ysgrifennodd Serge E. Hallyn:
> > You also have to deal with existing mmap() mappings and outstanding I/O.
>
> That she does.
I don't believe so from the patches.
> > SysV shared memory
>
> standard mmap controls should handle this, right?
No its rather independant of mmap
> > mmap
>
> She handles these.
I must have missed where it handles that.
> thread #2 is reading data from a pipe which is at a secret level, so how
> will it exploit that? It can't write it to a lower integrity file...
Ok my example isn't quite right - I can create the pipes and do the
blocking in other patterns to get the result I mean. The problem is that
I can be blocked in a driver write() method before you raise the
security level and no change at the VFS level will be early enough to
stop it.
Another example would be
Type ^S
thread #1
write(console, padding, internalbuffersize);
write(console, secret_buffer, data) [blocks]
thread #2
sleep to be sure #1 is blocked
open secret file
read(secret, secret_buffer, data);
Type ^Q
By the time you raise the security level due to the action of thread #2
I'm already blocked in tty_do_write() and have passed any vfs checks.
> The revoke(2) isn't quite right semantically, because it would revoke
> all users' access, right? Rather, we want one process' rights to all
> files revoked, but other read/writers should still have access.
The core is the same, the question of specifically what you revoke is
different.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
