Re: Security issues with local filesystem caching

David Howells wrote:

> Jeff V. Merkey <[email protected]> wrote:
>
>> SELinux support addresses all of these issues for B1 level security quite
>> well with mandatory access controls at the fs layers.  In fact, it works so
>> well, when enabled you cannot even run apache on top of an FS unless
>> configured properly.
>
> How?  The problem I've got is that the caching code would be creating and
> accessing files and directories with the wrong security context - that of the
> calling process - and not a context suitable for sharing things in the cache
> whilst protecting them from userspace as best we can.

Have it access them as 0.0 (root) when you change the fsuid, etc. and I think
this would satisfy security concerns. I agree that it sounds like
someone needs to instrument MAC layers with this subsystem.

Jeff

> David

