Re: [PATCH] remove sys_security

From: Russell Coker (russellat_private)
Date: Thu Oct 17 2002 - 14:37:49 PDT

  • Next message: Alexander Viro: "Re: [PATCH] remove sys_security"

    On Thu, 17 Oct 2002 23:10, Jeff Garzik wrote:
    > >>Any idea if security identifiers change with each syscall?
    > >>
    > >>If not, a lot of the xxx_secure syscalls could go away...
    > >
    > > None of them can go away.
    > >
    > > Security identifiers are for the operation you perform.  For example
    > > open_secure() is so that you can specify the security context for a new
    > > file that you are creating.  connect_secure() is used to specify the
    > > security context of the socket you want to connect to.  In the default
    > > setup the only way that connect_secure() and open_secure() can use the
    > > same SID is for unix domain sockets (which are labeled with file types). 
    > > A TCP connection will be to a process, the SID of a process is not a
    > > valid type label for a file.
    > >
    > > lstat_secure(), recv_secure() and others are used to retrieve the
    > > security context of the file, network message, etc.
    >
    > What specific information differs per-operation, such that security
    > identifiers cannot be stored internally inside a file handle?
    
    My previous message obviously wasn't clear enough.
    
    When you want to read or set the SID of a file handle then you need to pass in 
    a SID pointer or a SID.
    
    This is what the *_secure() system calls do, they set a SID or read a SID.
    
    -- 
    http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
    http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
    http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
    http://www.coker.com.au/~russell/  My home page
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Thu Oct 17 2002 - 14:46:22 PDT