* Stephen Smalley (sds@private) wrote: > Hi, > > I noticed that send_sigurg is not being mediated at present by a LSM > hook, unlike send_sigio, and wondered whether we should just move the > security_file_send_sigiotask hook into the common sigio_perm helper > function, as in the untested patch below. This would require dropping > the fd and reason arguments, but those are not being used by SELinux and > I'm not sure that they would ever be used. One lingering issue here is > that send_sigurg always sends SIGURG, whereas send_sigio sends > fown->signum or SIGIO by default, so the current check performed by > selinux_file_send_sigiotask may check the wrong permission for > send_sigurg. Typically, that won't be the case, as SIGIO and SIGURG are > both mapped to the same SELinux permission at present, but if > fown->signum was set to a signal that mapped to a different SELinux > permission and send_sigurg were called, then the check would be based on > that other permission. Comments? I think this is reasonble consolidation into sigio_perm. Could add the signal value that will be used. It seems that having a permission check that can be bypassed by user is bad idea. Does SELinux validate the signum at fctnl setsig time? thanks, -chris -- Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net
This archive was generated by hypermail 2.1.3 : Fri Aug 27 2004 - 13:24:14 PDT