-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Depending on the MAC security model you are using showing the contents of a directory doesn't cause any problem. You are only reading the contents of the directory (in which you meet the security requirements), not the information from the inode. If after reading the contents you try to stat(), open(), etc. the object and you don't meet the MAC model it should fail. If the model includes the label of the object as part of the name space readdir() would have been modified to not return the name of the object you shouldn't have MAC access to. FYI you can open up a possible covert channel when having the label as part of the name space because you can determine where the read pointer is within the directory. Mike Russell Coker wrote: | On Fri, 31 Jan 2003 01:10, Casey Schaufler wrote: | |>>>In order to get any of those messages you will have had to access |>>>the object to determine that it's a directory. The access check |>>>will have been done (it had better!) before you go looking around |>>>in the object. |>> |>>Sorry, no. Type checking often occurs before any kind of permission |>>check to the object, whether we are talking about DAC or the LSM hook |>>call. |> |>And in a DAC only world that's understandable because you're |>allowed to look at the attributes even if the file mode is 000. |>In a MAC world, however, you won't be permitted to look at |>the attributes that tell you its a directory if you're not |>cleared to read the file. This is the way that all LSPP systems |>work today. | | | With the way that SE Linux works you can't stop readdir() from showing the | name of a file or directory if the parent directory is readable. Does this | come from SE Linux or LSM? | | Isn't the name of a directory entry more important than the type of object it | is? | - -- Thanks, Mike Mikel L. Matthews S.V.P. and Chief Engineer Argus Systems Group, Inc. www.argus-systems.com (217) 355-6308 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE+OoJLt8r7n+hU7k8RAvhYAKDE1V3rgZWJ/Jt4ceXbqlWrMYSEcgCgmYEL HtTC4uZpoSOXlw/6P2m/Pkc= =vWQR -----END PGP SIGNATURE----- _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Fri Jan 31 2003 - 06:07:54 PST