On 11 Aug 2001, David Wagner wrote: > Greg KH wrote: > >Ah, but Stephans program should first validate that the kernel is > >running SELinux by some other method than the syscall [...] > > Are there race conditions here? What if someone does a > 'rmmod selinux; insmod subdomain' between the time when > you check for the presence of SELinux and use the syscall? > > It might be that an advantage of having the invoker of the > syscall explicitly specify which module they expect to be > handling this is that it rules out attacks like this where > you might get unexpected (and hence undesired) behavior. > Yes. There are possible race conditions. The application can check to see if the appropriate module is loaded and then assume that everafter. I don't think this is actually a PROBLEM though. The module should verify that it is listening to the proper application, not the kernel, not the application. Security, if any, resides in the module. THIS (module side verification) does not require a specific argument outside default channels to maintain, imho. As a vulnerabilty, it is an extreme long-shot proposition. :) J. Melvin Jones |>------------------------------------------------------ || J. MELVIN JONES jmjonesat_private |>------------------------------------------------------ || Microcomputer Systems Consultant || Software Developer || Web Site Design, Hosting, and Administration || Network and Systems Administration |>------------------------------------------------------ || http://www.jmjones.com/ |>------------------------------------------------------ _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Fri Aug 10 2001 - 18:17:24 PDT