Re: [PATCH] extended attribute support

From: Valdis.Kletnieksat_private
Date: Tue Feb 05 2002 - 08:11:07 PST

  • Next message: Chris Wright: "Re: Other pending changes"

    On Tue, 05 Feb 2002 08:54:59 EST, Stephen Smalley said:
    
    > The value (when provided as an input parameter to the call, e.g. setxattr)
    > will be important to some security modules.  For example, if the security
    > module is using extended attributes to store its own security data, then
    > it will likely perform a permission check based on the new value when the
    > name corresponds to its own attribute space.  Additionally, if certain
    > ('name', 'value') pairs are well-defined and are critical to system
    > security, then some security modules may choose to make use of the value
    > in those cases.
    
    Is there any reason to allow/support the security module editing the parameters
    for its own purposes, or is it restricted to a "list is bad, go away" error
    code?  I could see a case where "if the user program specified X:Z, we would
    want to tack on a W:Y as well...". (For instance, if a program tried to
    put a 'LABEL:ABC' on it, we might want to attach a 'DOMAIN:XYZ' or edit
    ABC into a value easier for us to deal with....)
    
    The alternative is that the security module then gets to keep its *own*
    database of "files which have X:Z specified, and what values of W we've
    attached to each one".  Quite a duplication of effort, especially when
    the kernel already *has* support for storing what we want, and looking it
    up ourselves may be expensive (possibly involving a call out to a userspace
    process to do a database lookup, etc etc).
    
    /Valdis
    
    
    
    

    _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module



    This archive was generated by hypermail 2b30 : Tue Feb 05 2002 - 08:12:24 PST