From: Lucian Adrian Grijincu <lucian.grijincu@gmail.com>
To: Stephen Smalley <sds@tycho.nsa.gov>
Cc: James Morris <jmorris@namei.org>,
	Eric Paris <eparis@parisplace.org>,
	Nick Piggin <npiggin@kernel.dk>,
	"Eric W. Biederman" <ebiederm@xmission.com>,
	linux-kernel@vger.kernel.org,
	linux-security-module@vger.kernel.org
Subject: Re: [PATCH] security/selinux: fix /proc/sys/ labeling
Date: Tue, 1 Feb 2011 17:53:40 +0200
Message-ID: <AANLkTimiV_2SAwXuH-SjGav5XJixN=SnjrPrtFRRQF05@mail.gmail.com>
In-Reply-To: <1296572538.12605.4.camel@moss-pluto>

On Tue, Feb 1, 2011 at 5:02 PM, Stephen Smalley <sds@tycho.nsa.gov> wrote:
> Is this patch really from Eric or just derived from an earlier patch by him?


No, sorry for the confusion.
I seem to have triggered a git send-email bug.

>> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
>
> And did Eric truly sign off on this patch or just on an earlier one?


Just the earlier one. I added his sign-off because of this paragraph
in SubmittingPatches:
| The Signed-off-by: tag indicates that the signer was involved in the
| development of the patch, or that he/she was in the patch's delivery path.

>
>> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
>> index e276eb4..7c5dfb1 100644
>> --- a/security/selinux/hooks.c
>> +++ b/security/selinux/hooks.c
>> @@ -1317,9 +1311,9 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
>>
>>               if ((sbsec->flags & SE_SBPROC) && !S_ISLNK(inode->i_mode)) {
>>                       struct proc_inode *proci = PROC_I(inode);
>> -                     if (proci->pde) {
>> +                     if (opt_dentry && (proci->pde || proci->sysctl)) {
>>                               isec->sclass = inode_mode_to_security_class(inode->i_mode);
>> -                             rc = selinux_proc_get_sid(proci->pde,
>> +                             rc = selinux_proc_get_sid(opt_dentry,
>>                                                         isec->sclass,
>>                                                         &sid);
>>                               if (rc)
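Review bot: the new `opt_dentry &&` guard makes the label depend on whether a dentry was supplied: a proc inode with a pde that previously went through selinux_proc_get_sid unconditionally now skips this branch entirely when opt_dentry is NULL, and the context shown gives no fallback for that case. Either state in the commit message what SID such an inode ends up with and that it is relabeled later on a dentry-bearing path, or put a short comment above the `if` explaining why deferring is safe. The `proci->pde || proci->sysctl` test is also the last proc-internal check left in this function; if its only purpose is to keep per-task entries out of selinux_proc_get_sid, a comment saying so would spare the next reader the question.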
>
> It would be nice if we could eliminate the last remaining piece of proc
> internal knowledge from this code - why do we need the proci->pde ||
> proci->sysctl test here?  What changes without it?


Without it we label all nodes in /proc/ through selinux_proc_get_sid.

/proc/1/limits should not get its sid from here, but from
security_task_to_inode -> selinux_task_to_inode.

Without the check we send "/1/limits" to selinux_proc_get_sid, which
strips off "/1" leaving "/limits". This will be labeled with "proc_t"
IIRC.


-- 
 .
..: Lucian
