Re: SELinux Kernel Oops

From: Greg KH (gregat_private)
Date: Thu Oct 31 2002 - 23:39:23 PST

On Thu, Oct 31, 2002 at 07:11:29AM -0500, Stephen Smalley wrote:
> On Wed, 30 Oct 2002, Greg KH wrote:
> > Shouldn't you also fix SELinux to handle NULL security fields :)
> And how you would suggest that we handle them?  The old precondition
> approach was fundamentally flawed.  Failing closed (i.e. denying access)
> when the field is NULL will break normal operation.  Failing open (i.e.
> granting access) when the field is NULL opens a potential security
> vulnerability.

Hm, good point.  I guess oopsing is the best choice here :)

> > And wouldn't the proliferation of different fs types in 2.5 make this
> > patch a bit bigger?
> It doesn't appear that init_private_file is used much at present; I don't
> know what the future plans are for it.  We covered every existing use in
> the mainstream 2.4 and 2.5 kernels.  If an out-of-tree kernel patch
> or module uses init_private_file, then we'll end up with an allocated
> security field that is never freed, but I'd rather have a leak than an
> Oops (and out-of-tree kernel patches and modules should naturally be
> audited before using them with SELinux or any other security module).

Ok, I understand better now. I wouldn't worry about out-of-tree patches
or modules, that's a whole 'nother mess.


greg k-h
linux-security-module mailing list

This archive was generated by hypermail 2b30 : Thu Oct 31 2002 - 23:43:44 PST