* A potential issue in security_inode_init_security function
@ 2017-09-29 12:37 Boshi Wang
2017-09-29 17:47 ` Casey Schaufler
0 siblings, 1 reply; 3+ messages in thread
From: Boshi Wang @ 2017-09-29 12:37 UTC (permalink / raw)
To: linux-security-module
In security_inode_init_security function of security/security.c, lsm_xattr can be modified by multiple functions due to call_init_hook function. I think that it is a potential issue when inode_init_security list is associated with more security modules, although inode_init_security list is associated with only selinux and smack currrently and the two security modules usually are not used at the same time.
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 3+ messages in thread
* A potential issue in security_inode_init_security function
2017-09-29 12:37 A potential issue in security_inode_init_security function Boshi Wang
@ 2017-09-29 17:47 ` Casey Schaufler
2017-09-30 1:55 ` Boshi Wang
0 siblings, 1 reply; 3+ messages in thread
From: Casey Schaufler @ 2017-09-29 17:47 UTC (permalink / raw)
To: linux-security-module
On 9/29/2017 5:37 AM, Boshi Wang wrote:
> In security_inode_init_security function of security/security.c, lsm_xattr can be modified by multiple functions due to call_init_hook function. I think that it is a potential issue when inode_init_security list is associated with more security modules, although inode_init_security list is associated with only selinux and smack currrently and the two security modules usually are not used at the same time.
Yes, this needs significant work for SELinux and Smack to work
together. Work is in progress on security module stacking. Please
see the current state of this work at
git://github.com/cschaufler/smack-next#stacking-4.13-rc2
Updates for 4.15 are in progress.
>
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
> the body of a message to majordomo at vger.kernel.org
> More majordomo info at? http://vger.kernel.org/majordomo-info.html
>
.
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 3+ messages in thread
* A potential issue in security_inode_init_security function
2017-09-29 17:47 ` Casey Schaufler
@ 2017-09-30 1:55 ` Boshi Wang
0 siblings, 0 replies; 3+ messages in thread
From: Boshi Wang @ 2017-09-30 1:55 UTC (permalink / raw)
To: linux-security-module
Thank you for your reply. I await the update.
On 2017/9/30 1:47, Casey Schaufler wrote:
> On 9/29/2017 5:37 AM, Boshi Wang wrote:
>> In security_inode_init_security function of security/security.c, lsm_xattr can be modified by multiple functions due to call_init_hook function. I think that it is a potential issue when inode_init_security list is associated with more security modules, although inode_init_security list is associated with only selinux and smack currrently and the two security modules usually are not used at the same time.
> Yes, this needs significant work for SELinux and Smack to work
> together. Work is in progress on security module stacking. Please
> see the current state of this work at
>
> git://github.com/cschaufler/smack-next#stacking-4.13-rc2
>
> Updates for 4.15 are in progress.
>
>>
>> --
>> To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
>> the body of a message to majordomo at vger.kernel.org
>> More majordomo info at http://vger.kernel.org/majordomo-info.html
>>
>
> .
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2017-09-30 1:55 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-09-29 12:37 A potential issue in security_inode_init_security function Boshi Wang
2017-09-29 17:47 ` Casey Schaufler
2017-09-30 1:55 ` Boshi Wang
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.