On Thu, Oct 31, 2002 at 07:11:29AM -0500, Stephen Smalley wrote: > > On Wed, 30 Oct 2002, Greg KH wrote: > > > Shouldn't you also fix SELinux to handle NULL security fields :) > > And how you would suggest that we handle them? The old precondition > approach was fundamentally flawed. Failing closed (i.e. denying access) > when the field is NULL will break normal operation. Failing open (i.e. > granting access) when the field is NULL opens a potential security > vulnerability. Hm, good point. I guess oopsing is the best choice here :) > > And wouldn't the proliferation of different fs types in 2.5 make this > > patch a bit bigger? > > It doesn't appear that init_private_file is used much at present; I don't > know what the future plans are for it. We covered every existing use in > the mainstream 2.4 and 2.5 kernels. If an out-of-tree kernel patch > or module uses init_private_file, then we'll end up with an allocated > security field that is never freed, but I'd rather have a leak than an > Oops (and out-of-tree kernel patches and modules should naturally be > audited before using them with SELinux or any other security module). Ok, I understand better now. I wouldn't worry about out-of-tree patches or modules, that's a whole 'nother mess. thanks, greg k-h _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Thu Oct 31 2002 - 23:43:44 PST