Re: Security issues with local filesystem caching

Stephen Smalley <[email protected]> wrote:

> When the daemon writes the context value (a string) to the cachefiles
> module interface for a given cache, the cachefiles module would do
> something like the following:

This looks reasonable.

> SELinux would then provide selinux_secctx_to_secid() and
> selinux_cache_set_context() implementations; the former would just be call to
> selinux_string_to_sid(),

That sounds fairly easy.

> while the latter would require some new permission check to be defined
> unless we can treat this as equivalent to some existing operation.

So what does this actually check?  I assume it checks that the process's
current context permits the use of the specified secid in this snippet:

	/* Check permission of current to set this context. */
	rc = security_cache_set_context(secid);

> You'll find that there is already a security_secid_to_secctx() hook defined
> for LSM, so the first hook just adds the other direction.

Okay.

> 	cache->secid = secid;

I was wondering if the cache struct should have a "void *security" that the LSM
modules can set, free and assert temporarily, but this sounds like it will do.

> Later, when going to create a file in that cache, the cachefiles module
> would do something like:
> 	/* Save and switch the fs secid for creation. */
> 	fssecid = security_getfssecid();
> 	security_setfssecid(cache->secid);
> 	<create file>
> 	/* Restore the original fs secid. */
> 	security_setfssecid(fssecid);
> SELinux would then provide selinux_getfsecid() and selinux_setfssecid()
> implementations that are just:
> 	u32 selinux_getfssecid(void)
> 	{
> 		struct task_security_struct *tsec = current->security;
> 		return tsec->create_sid;
> 	}
> 	void selinux_setfssecid(u32 secid)
> 	{
> 		struct task_security_struct *tsec = current->security;
> 		tsec->create_sid = secid;
> 	}

That sounds doable.  I presume I should attend to fsuid/fsgid myself, much as
I'm doing now?

David
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Follow-Ups:
- Re: Security issues with local filesystem caching
  - From: David Howells <[email protected]>
- Re: Security issues with local filesystem caching
  - From: Stephen Smalley <[email protected]>

References:
- Re: Security issues with local filesystem caching
  - From: Stephen Smalley <[email protected]>
- Re: Security issues with local filesystem caching
  - From: Stephen Smalley <[email protected]>
- Re: Security issues with local filesystem caching
  - From: Stephen Smalley <[email protected]>
- Re: Security issues with local filesystem caching
  - From: Stephen Smalley <[email protected]>
- Security issues with local filesystem caching
  - From: David Howells <[email protected]>
- Re: Security issues with local filesystem caching
  - From: David Howells <[email protected]>
- Re: Security issues with local filesystem caching
  - From: David Howells <[email protected]>
- Re: Security issues with local filesystem caching
  - From: David Howells <[email protected]>

Prev by Date: Re: [PATCH 3/13] KVM: kvm data structures
Next by Date: Re: incorrect taint of ndiswrapper
Previous by thread: Re: Security issues with local filesystem caching
Next by thread: Re: Security issues with local filesystem caching
Index(es):
- Date
- Thread

[Index of Archives] [Kernel Newbies] [Netfilter] [Bugtraq] [Photo] [Stuff] [Gimp] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Video 4 Linux] [Linux for the blind] [Linux Resources]