On Tue, 2005-05-31 at 12:56 -0500, serue@private wrote:
> Attached are two patches to make procattr shareable by >1
> LSM. The first patch applies on top of the current set of
> stacker patches from sf.net/projects/lsm-stacker, and
> modifies stacker.c. The second patch is to the sf.net
> libselinux sources.
>
> Since I took Mimi's idea of switching from
> selinux: user:role:type
> to
> user:role:type (selinux)
>
> for both get and setprocattr, no patch is needed for
> ps so long as it's ok to output the data from only the
> first LSM to output data.

Clever.

> These patches have been tested
>
> with stacker and an unpatched libselinux
> with stacker and a patched libselinux
> without stacker and a patched libselinux
>
> and all worked as expected.
>
> Any comments are much appreciated.

I think preserving -EACCES and -EPERM on getprocattr from the modules is important. More generally, if any of them return anything other than -EINVAL, you should likely return immediately with the returned error, so that e.g. if SELinux denies access, then no other module will end up returning its attribute value. Otherwise, you have an information flow in violation of the MAC policy.

Doesn't look like you break out of your loop when the value buffer is completely depleted by a module, although I suppose subsequent modules would see a zero length and immediately return.

o_len unused?

--
Stephen Smalley
National Security Agency
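To make the loop behaviour discussed above concrete, here is an added C model of a stacker-style getprocattr walk over several LSMs; it is an illustration written for this page, not the stacker.c or libselinux code from the patches. Modules answering -EINVAL are skipped, any other error is returned at once so a denial is never followed by another module's value, and the walk stops once the caller's buffer is depleted. The module signature, module names and the label string are assumptions constructed for the example.

```c
/* Added illustration, not code from the stacker or libselinux patches: a
 * stacker-style getprocattr loop where -EINVAL means "not my attribute",
 * any other error ends the walk, and a full buffer ends it too.
 * Module signature, names and the label string are constructed. */
#include <errno.h>
#include <string.h>
typedef int (*getprocattr_fn)(const char *name, char *value, size_t size);
struct lsm { const char *name; getprocattr_fn getprocattr; };

int label_calls = 0;   /* how often label_getprocattr ran; shows early exit */
/* A module with no opinion about this attribute. */
static int noattr_getprocattr(const char *name, char *value, size_t size)
{ (void)name; (void)value; (void)size; return -EINVAL; }

/* A module whose MAC policy denies reading the attribute. */
static int deny_getprocattr(const char *name, char *value, size_t size)
{ (void)name; (void)value; (void)size; return -EACCES; }

/* A module reporting a constructed "user:role:type (selinux)" value. */
static int label_getprocattr(const char *name, char *value, size_t size)
{
    static const char label[] = "user_u:user_r:user_t (selinux)\n";
    size_t len = strlen(label);
    label_calls++;
    if (strcmp(name, "current") != 0) return -EINVAL;
    if (len > size) len = size;     /* write only what still fits */
    memcpy(value, label, len);
    return (int)len;
}
/* Returns total bytes written, or the first error other than -EINVAL. */
static int stacked_getprocattr(const struct lsm *mods, size_t nmods,
                               const char *name, char *value, size_t size)
{
    size_t total = 0;
    int rc = -EINVAL;               /* nobody recognised the attribute */
    for (size_t i = 0; i < nmods; i++) {
        int n = mods[i].getprocattr(name, value + total, size - total);
        if (n == -EINVAL)
            continue;               /* try the next LSM */
        if (n < 0)
            return n;               /* -EACCES/-EPERM: stop, later LSMs must not answer */
        total += (size_t)n;
        rc = (int)total;
        if (total >= size)
            break;                  /* buffer depleted: stop calling modules */
    }
    return rc;
}
```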
This archive was generated by hypermail 2.1.3 : Tue May 31 2005 - 12:17:13 PDT