Hi, On Wed, Oct 23, 2002 at 01:43:55PM +0200, Russell Coker wrote: > On Wed, 23 Oct 2002 02:35, Stephen C. Tweedie wrote: > > > "system_u:object_r:var_log_t") then how would I go about doing it other > > > than through a modified open system call? > > With a "setesid(2)" syscall to set the effective sid. > Good idea, however there are two potential problems that I can see. > > When creating a file the UID/GID name space for the file is the same as that > for the process. In SE Linux the name space for files to be created does not > intersect the name space of the processes. This makes it much less clean > than setfsuid(). setfsuid() creates credentials which are _only_ applied to file operations. The namespace happens to be the same one that applies to processes, but there's nothing that requires that to be the case, and if you have a corresponding setfssid() to set the effective set for fs access, you're explicitly requesting the fs namespace, not the process one. > Secondly there is the issue of a lack of atomicity. Is there a potential for > a signal handler to create a file between the setesid() and creat() in the > main code? I guess the API open_secure() could remain the same and block all > signals for it's operation... Definitely. Application writers will need to be aware of that, just as they have to be aware of the same for setfsuid today. But when you've got signal handlers doing complex work, you've got all sorts of races opening up, and trying to fix every single one of them by inventing new syscalls for every single combination of operation that the app might want to do atomically makes no sense! --Stephen _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Wed Oct 23 2002 - 05:00:39 PDT