On Wed, 30 Oct 2002, Greg KH wrote: > Shouldn't you also fix SELinux to handle NULL security fields :) And how you would suggest that we handle them? The old precondition approach was fundamentally flawed. Failing closed (i.e. denying access) when the field is NULL will break normal operation. Failing open (i.e. granting access) when the field is NULL opens a potential security vulnerability. > And wouldn't the proliferation of different fs types in 2.5 make this > patch a bit bigger? It doesn't appear that init_private_file is used much at present; I don't know what the future plans are for it. We covered every existing use in the mainstream 2.4 and 2.5 kernels. If an out-of-tree kernel patch or module uses init_private_file, then we'll end up with an allocated security field that is never freed, but I'd rather have a leak than an Oops (and out-of-tree kernel patches and modules should naturally be audited before using them with SELinux or any other security module). -- Stephen D. Smalley, NAI Labs ssmalleyat_private _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Thu Oct 31 2002 - 10:39:38 PST