Re: [PATCH] remove sys_security

From: Russell Coker (russellat_private)
Date: Wed Oct 23 2002 - 04:43:55 PDT

  • Next message: Stephen C. Tweedie: "Re: [PATCH] remove sys_security"

    On Wed, 23 Oct 2002 02:35, Stephen C. Tweedie wrote:
    > > If for example I want to create a file of context
    > > "system_u:object_r:fingerd_log_t" under /var/log (instead of taking the
    > > context from that of the /var/log directory
    > > "system_u:object_r:var_log_t") then how would I go about doing it other
    > > than through a modified open system call?
    > With a "setesid(2)" syscall to set the effective sid.
    > A new file already inherits a ton of context, from the current uid/gid
    > to the umask.  Those are already selectable by setting up the current
    > process context.  And for the uid/gid bits, we also have setfsuid to
    > set the id for creation without causing the whole process to suddenly
    > change ownership.
    Good idea, however there are two potential problems that I can see.
    When creating a file the UID/GID name space for the file is the same as that 
    for the process.  In SE Linux the name space for files to be created does not 
    intersect the name space of the processes.  This makes it much less clean 
    than setfsuid().
    Secondly there is the issue of a lack of atomicity.  Is there a potential for 
    a signal handler to create a file between the setesid() and creat() in the 
    main code?  I guess the API open_secure() could remain the same and block all 
    signals for it's operation...
    --   My NSA Security Enhanced Linux packages  Bonnie++ hard drive benchmark    Postal SMTP/POP benchmark  My home page
    linux-security-module mailing list

    This archive was generated by hypermail 2b30 : Wed Oct 23 2002 - 04:46:01 PDT