Re: [PATCH] remove sys_security

From: Stephen C. Tweedie (sctat_private)
Date: Wed Oct 23 2002 - 07:54:57 PDT


    Hi,
    
    On Wed, Oct 23, 2002 at 10:27:27AM -0400, Stephen Smalley wrote:
    > On Wed, 23 Oct 2002, Stephen C. Tweedie wrote:
    > > setfsuid() creates credentials which are _only_ applied to file
    > > operations.  The namespace happens to be the same one that applies to
    > > processes, but there's nothing that requires that to be the case
    
    > Would we need a separate call for setting the SIDs to use for each
    > "namespace", i.e. fs (for open, mkdir, mknod, and symlink calls), IPC
    > (for semget, msgget, and shmget calls), process (for execve calls), and
    > socket (for socket, connect, listen, sendmsg, and sendto calls, requiring
    > two SIDs for send*)?
    
    The BSD socket API already has a clean and extensible way of dealing
    with multiple namespaces, so there's plenty of precedent about how to
    do this without requiring multiple syscalls.
    
    > While your approach would work for calls that take input SID parameters,
    > what about the various calls that return SIDs either directly or via
    > output SID parameters, e.g. extended forms of *stat, msgrcv, recvmsg,
    > getpeername/accept plus new calls like (sem|shm|msg)sid and getsecsid?
    
    Good question --- what is the reason you need these, and are other
    security modules likely to need similar functionality?  If so, there's
    an argument for new syscalls which take a credentials/sid area as a
    return argument.
    
    --Stephen
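The sockaddr-style pattern the message points to, sketched as an added example (not code from the thread or from any kernel patch): one entry point takes a family-tagged, length-checked structure instead of one call per namespace. All names here (`set_sec_ctx`, `struct sec_ctx_sid`, `struct sec_ctx_sock`, the `SEC_*` families) are hypothetical, and the per-task state is a user-space stand-in.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical families, one per namespace named in the quoted question. */
enum { SEC_FS = 1, SEC_IPC, SEC_PROCESS, SEC_SOCKET, SEC_FAMILY_MAX };

/* Every layout starts with the family tag, as sockaddr starts with sa_family. */
struct sec_ctx_sid  { uint16_t family; uint32_t sid; };
/* Sockets carry two SIDs (socket and message), so this family is larger. */
struct sec_ctx_sock { uint16_t family; uint32_t sock_sid; uint32_t msg_sid; };

/* User-space stand-in for per-task state: up to two SIDs per family. */
static uint32_t task_sids[SEC_FAMILY_MAX][2];

/* Single entry point. The tag selects the layout, and len must match that
 * layout exactly before anything past the tag is copied in. */
int set_sec_ctx(const void *ctx, size_t len)
{
    uint16_t family;
    if (ctx == NULL || len < sizeof family)
        return -EINVAL;
    memcpy(&family, ctx, sizeof family);
    if (family == SEC_FS || family == SEC_IPC || family == SEC_PROCESS) {
        struct sec_ctx_sid c;
        if (len != sizeof c)
            return -EINVAL;
        memcpy(&c, ctx, sizeof c);
        task_sids[family][0] = c.sid;
        return 0;
    }
    if (family == SEC_SOCKET) {
        struct sec_ctx_sock c;
        if (len != sizeof c)
            return -EINVAL;
        memcpy(&c, ctx, sizeof c);
        task_sids[family][0] = c.sock_sid;
        task_sids[family][1] = c.msg_sid;
        return 0;
    }
    return -EAFNOSUPPORT;   /* unknown namespace: reject, do not guess */
}

uint32_t get_sid(int family, int slot) { return task_sids[family][slot]; }

int main(void)
{
    struct sec_ctx_sock so = { SEC_SOCKET, 7, 9 };   /* constructed sample */
    printf("%d %u\n", set_sec_ctx(&so, sizeof so), (unsigned)get_sid(SEC_SOCKET, 1));
    return 0;
}
```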
    



    This archive was generated by hypermail 2b30 : Wed Oct 23 2002 - 07:56:23 PDT