Re: USENIX Security LSM BOF Notes

• Previous message: Theodore Tso: "Re: Making forward progress"
• In reply to: Crispin Cowan: "USENIX Security LSM BOF Notes"
• Next in thread: richard offer: "Re: USENIX Security LSM BOF Notes"
• Reply: richard offer: "Re: USENIX Security LSM BOF Notes"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Thanks for posting your notes.  A few quick comments:

> Hot Issues
>    * what to do w/ capabilities module?
>    * UNIX domain sockets using abstract namespace

Since we didn't get to these topics, I wanted to touch briefly on them.  

With regard to the capabilities module, I think Greg merged my recent bug
fix patch but not the capget/capset hook patch.  Does anyone have any 
objections to the latter patch?  If that patch is integrated, then I am
actually comfortable with the state of the capabilities module.  The big
remaining task would be to actually move the capability bits from the
kernel data structures into the security blobs, and I'm not so sure about
the desirability of that task (see my patch message for a list of some of
the places in the kernel that would still need to be changed in order to
move the bits completely).

With regard to Unix domain sockets, the issue is that Linux provides 
an alternative to the conventional file name space for Unix domain
sockets.  Whereas binding and connecting to sockets in the file name 
space is mediated by the typical file permissions (and caught by our
hooks on vfs_mknod and permission), binding and connecting to sockets
in the abstract name space is completely unmediated.  I do not believe
that we can achieve sufficient control of sockets in the abstract
names space using the socket layer hooks, because we need to know
the actual target socket, which is not looked up until we are in
the af_unix code.  So it appears that we need some explicit hooks
in the af_unix code to mediate access to the abstract namespace.

>    * Action:  SGI should look at Stephen's early June authoritative
>      patch, and determine to what extent it will satisfy their needs.
>      To the extent that it falls short, SGI should identify what is
>      needed in addition.  It is important that the cases SGI looks at
>      not be just the simple ones; there are hard cases that need to be
>      examined.

On this issue, I volunteered to provide SGI with a copy of that patch,
and I may go ahead and update it to be consistent with the current
version of the LSM patch to make life easier for SGI.

--
Stephen D. Smalley, NAI Labs
ssmalleyat_private





_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module

• Next message: richard offer: "Re: USENIX Security LSM BOF Notes"
• Previous message: Theodore Tso: "Re: Making forward progress"
• In reply to: Crispin Cowan: "USENIX Security LSM BOF Notes"
• Next in thread: richard offer: "Re: USENIX Security LSM BOF Notes"
• Reply: richard offer: "Re: USENIX Security LSM BOF Notes"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Aug 16 2001 - 07:23:43 PDT