Re: [patch] [sg]etaffinity hooks

From: Stephen Smalley (sdsat_private)
Date: Tue Oct 08 2002 - 05:21:25 PDT


    On Tue, 8 Oct 2002, Chris Wright wrote:
    
    > I don't see a nice way to collapse this w/out basically DAC out...any
    > ideas?
    
    I don't think we want to collapse any capable() calls that are embedded in
    compound logic with uid or mode checking logic.  In this case, capable()
    is serving a permissive purpose, and that isn't consistent with the
    restrictive LSM hook.  I would only advocate collapsing capable() with the
    LSM hook when:
    a) the capable() call stands alone as an authoritative or restrictive
    check on the operation (i.e. no uid/mode logic intertwined with it),
    b) the capable() call is already immediately next to the LSM hook or can
    be trivially relocated without any side effects (this is often not the
    case, as the LSM hook cannot be invoked until the kernel object has been
    looked up, whereas the capable() check is only based on the current task).
    
    --
    Stephen D. Smalley, NAI Labs
    ssmalleyat_private
    
    
    
    



    This archive was generated by hypermail 2b30 : Tue Oct 08 2002 - 05:22:44 PDT
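
The distinction drawn in the message above, as an added example that is not part of the original post or of the kernel source: a userspace C model comparing a capable() call embedded in uid logic with one that stands alone, before and after moving the capability test into a restrictive hook. All struct, function and hook names are hypothetical, and the uid values are constructed.

```c
/* Userspace model of the argument above; not kernel code. All names are hypothetical. */
#include <stdbool.h>
#include <stdio.h>

struct task { unsigned uid; bool cap; };   /* cap models capable() for the current task */
struct object { unsigned owner; };         /* kernel object, available only after lookup */
typedef int (*check_fn)(const struct task *, const struct object *);

/* Restrictive hooks: they can pass (0) or deny (-1), never grant past an earlier denial. */
static int hook_null(const struct task *t, const struct object *o) { (void)t; (void)o; return 0; }
static int hook_cap(const struct task *t, const struct object *o) { (void)o; return t->cap ? 0 : -1; }

/* Compound logic: capable() is permissive, overriding a uid mismatch. */
int compound_orig(const struct task *t, const struct object *o)
{
    return (t->uid != o->owner && !t->cap) ? -1 : hook_null(t, o);
}

/* Naive collapse: capable() moved into the hook, uid test left behind. */
int compound_collapsed(const struct task *t, const struct object *o)
{
    return (t->uid != o->owner) ? -1 : hook_cap(t, o);
}

/* Case (a): capable() stands alone as a restrictive check, then the hook runs. */
int standalone_orig(const struct task *t, const struct object *o) { return t->cap ? hook_null(t, o) : -1; }

/* Collapsed form of case (a): the hook carries the capability test. */
int standalone_collapsed(const struct task *t, const struct object *o) { return hook_cap(t, o); }

/* Count the owner/capability combinations on which two checks disagree. */
int count_mismatches(check_fn a, check_fn b)
{
    const struct object obj = { .owner = 1000 };   /* constructed sample uid */
    int n = 0;
    for (unsigned uid = 1000; uid <= 1001; uid++)
        for (int cap = 0; cap <= 1; cap++) {
            struct task t = { .uid = uid, .cap = cap != 0 };
            n += a(&t, &obj) != b(&t, &obj);
        }
    return n;
}

int main(void)
{
    printf("compound:   %d of 4 decisions change\n", count_mismatches(compound_orig, compound_collapsed));
    printf("standalone: %d of 4 decisions change\n", count_mismatches(standalone_orig, standalone_collapsed));
    return 0;
}
```

In the compound case the collapse denies an owner without the capability and a capable non-owner, both of which the original logic allowed; in the standalone case every decision is unchanged.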