Re: MAC before DAC vs DAC before MAC

From: Casey Schaufler (caseyat_private)
Date: Wed Jul 25 2001 - 16:16:25 PDT


David Wagner wrote:
> 
> First, one quibble: This is not about the order of MAC and DAC,
> but rather about in-module checks vs. in-kernel checks.

In the end, I believe that's a reasonable conclusion.


> So, let me propose a possible compromise solution.  Has anyone
> thought about doing something like the following?
>    int rv = 0;
>    if (... in-kernel check fails...)
>      rv = -EPERM;
>    rv = security_ops->hook(rv, ...);
>    if (rv < 0)
>      return rv;
> This way, the module gets to see both whether the in-kernel checks
> succeeded or not and whether the in-module checks succeeded or not,
> and then the module can set the policy on which is to take priority.

If you assume that the in-kernel checks never have
side-effects this could work, but would definitely
be less than optimal. I really don't want to do a
DAC check if I've failed MAC.


-- 

Casey Schaufler				Manager, Trust Technology, SGI
caseyat_private				voice: 650.933.1634
casey_pat_private			Pager: 888.220.0607
    
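A user-space model of the two hook orderings argued over above, added here as an example and not code from either poster or from the LSM tree: the in-kernel DAC check, the module's MAC hook, and the side-effect counter are assumed stand-ins, and the counter makes visible what the reply objects to (the DAC check still running after MAC has already denied).

```c
/* Added example, not from the thread: models the quoted proposal
 * (in-kernel check first, hook receives its verdict) beside the
 * MAC-first short-circuit the reply prefers. All checks are stand-ins. */
#include <errno.h>

#define CAP_MAC_OK   1   /* constructed: subject is cleared by the MAC policy */
#define MODE_DAC_OK  2   /* constructed: subject passes the DAC mode bits    */

/* How many times the in-kernel check ran. A real check may log, touch
 * inode state or otherwise leave a trace; that is the side-effect concern. */
static int dac_side_effects = 0;

/* Stand-in for the in-kernel DAC check (always has its side effect). */
static int kernel_dac_check(int subject)
{
    dac_side_effects++;
    return (subject & MODE_DAC_OK) ? 0 : -EACCES;
}

/* Stand-in for the module hook in the proposed shape: it is handed the
 * kernel's verdict and picks the policy (here: deny if either denied). */
static int security_hook(int kernel_rv, int subject)
{
    int mac_rv = (subject & CAP_MAC_OK) ? 0 : -EPERM;
    if (mac_rv < 0)
        return mac_rv;
    return kernel_rv;
}

/* Ordering A, the quoted proposal: DAC runs unconditionally, hook sees rv. */
int check_dac_then_hook(int subject)
{
    int rv = kernel_dac_check(subject);
    rv = security_hook(rv, subject);
    return rv;
}

/* Ordering B, the reply's preference: MAC first; DAC only if MAC allowed. */
int check_mac_then_dac(int subject)
{
    int rv = security_hook(0, subject);
    if (rv < 0)
        return rv;
    return kernel_dac_check(subject);
}

int dac_side_effect_count(void) { return dac_side_effects; }
void reset_side_effects(void) { dac_side_effects = 0; }
```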

This archive was generated by hypermail 2b30 : Wed Jul 25 2001 - 16:18:27 PDT