Re: handling exec_permission_lite

From: Stephen Smalley (sdsat_private)
Date: Tue May 07 2002 - 10:20:52 PDT

    On Tue, 7 May 2002, Chris Wright wrote:
    > There is still the issue that the capable() hook can sleep.  We can't
    > distinguish these capable() calls, and in SELinux, for example, capable()
    > could call task_alloc_security() which could sleep (unless I'm misreading
    > the code).  Placing the proposed permission_lite() hook ahead of the DAC
    > checks could fix this, but it would be out of sync with the rest of the
    > LSM hooks where placement is intended to be after DAC checks.

    True, but that's a module problem.  In the SELinux case, the
    task_alloc_security() call would only occur if task_precondition() caught
    a task without a security blob, which should only happen for tasks
    allocated prior to module initialization (and only if this happens to be
    the first hook call that involves the task).  We can work around this
    issue in various ways, e.g. traversing the task list during module
    initialization and invoking task_precondition on all such tasks at that
    time, or having task_alloc_security always use atomic allocation when
    called from task_precondition for safety.

    Stephen D. Smalley, NAI Labs
    linux-security-module mailing list
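
The two workarounds named in the reply above, as an added userland model in C; it is not SELinux or LSM code and not part of the original message. The `model_*` functions, `run_scenario`, the `alloc_mode` enum and the counters are hypothetical stand-ins, and a sleeping allocation made from a non-sleeping path is only counted, not simulated.

```c
/* Userland model (constructed): no kernel code or kernel APIs are used. */
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

enum alloc_mode { MAY_SLEEP, ATOMIC };  /* stand-ins for GFP_KERNEL / GFP_ATOMIC */
struct task { void *security; struct task *next; };
static bool in_atomic_ctx;  /* set while the caller must not sleep */
static int sleep_bugs;      /* sleeping allocations attempted in that state */

/* Allocate the blob; count a bug if the allocation could sleep where it must not. */
static int model_task_alloc_security(struct task *t, enum alloc_mode mode)
{
    if (mode == MAY_SLEEP && in_atomic_ctx)
        sleep_bugs++;
    t->security = calloc(1, 16);
    return t->security ? 0 : -1;
}

/* Lazily give a blob to a task allocated before module initialization. */
static int model_task_precondition(struct task *t, enum alloc_mode mode)
{
    return t->security ? 0 : model_task_alloc_security(t, mode);
}

/* A capable()-style hook entered from a path that cannot sleep. */
static void model_capable(struct task *t, enum alloc_mode mode)
{
    in_atomic_ctx = true;
    model_task_precondition(t, mode);
    in_atomic_ctx = false;
}

/* Two pre-existing tasks hit the hook; returns the number of sleep bugs seen. */
int run_scenario(bool sweep_at_init, enum alloc_mode mode)
{
    struct task b = { NULL, NULL }, a = { NULL, &b };
    sleep_bugs = 0;
    for (struct task *t = &a; sweep_at_init && t; t = t->next)
        model_task_precondition(t, MAY_SLEEP);  /* init-time sweep, may sleep */
    model_capable(&a, mode);
    model_capable(&b, mode);
    free(a.security); free(b.security);
    return sleep_bugs;
}

int main(void)
{
    printf("%d %d %d\n", run_scenario(false, MAY_SLEEP), run_scenario(true, MAY_SLEEP), run_scenario(false, ATOMIC));
}
```

The three printed values are the bug counts with no workaround, with the init-time task list sweep, and with atomic allocation in the precondition path.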
