Re: SELinux Kernel Oops

From: Stephen Smalley (sdsat_private)
Date: Thu Oct 31 2002 - 04:11:29 PST

  • Next message: Stephen Smalley: "Re: SELinux Kernel Oops"

    On Wed, 30 Oct 2002, Greg KH wrote:
    
    > Shouldn't you also fix SELinux to handle NULL security fields :)
    
    And how you would suggest that we handle them?  The old precondition
    approach was fundamentally flawed.  Failing closed (i.e. denying access)
    when the field is NULL will break normal operation.  Failing open (i.e.
    granting access) when the field is NULL opens a potential security
    vulnerability.
    
    > And wouldn't the proliferation of different fs types in 2.5 make this
    > patch a bit bigger?
    
    It doesn't appear that init_private_file is used much at present; I don't
    know what the future plans are for it.  We covered every existing use in
    the mainstream 2.4 and 2.5 kernels.  If an out-of-tree kernel patch
    or module uses init_private_file, then we'll end up with an allocated
    security field that is never freed, but I'd rather have a leak than an
    Oops (and out-of-tree kernel patches and modules should naturally be
    audited before using them with SELinux or any other security module).
    
    --
    Stephen D. Smalley, NAI Labs
    ssmalleyat_private
    
    
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Thu Oct 31 2002 - 10:39:38 PST