* Serge E. Hallyn (hallyn@private) wrote: > Chris Wright (chrisw@private) wrote: > > I agree. And I believe that pure lookup is not mediated with the > > task_to_inode + inode_permission check. So, in fact, to be complete > > this is required AFAICT. > > In fact, my experiments show the opposite to be true. Adding a > security_task_lookup() call in proc_pid_lookup() causes > ls /proc/1 to improperly succeed once it has properly for some other > process. The task_to_inode + inode_permission check always worked. Ah, yeah. You're getting bit by a cached lookup. I expect ls -d would pass that check (it'll need inode_getattr support). > I'm guessing a third security_task_lookup() check would have to be placed > in pid_revalidate(). Not sure about fd_revalidate. Only problem with this is it forces it out of the dcache. thanks, -chris -- Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net
This archive was generated by hypermail 2.1.3 : Mon Aug 16 2004 - 19:29:46 PDT