From: Paul Moore <paul@paul-moore.com>
To: Casey Schaufler <casey@schaufler-ca.com>,
Stephen Smalley <sds@tycho.nsa.gov>
Cc: john.johansen@canonical.com,
James Morris <james.l.morris@oracle.com>,
selinux@tycho.nsa.gov, linux-security-module@vger.kernel.org
Subject: Re: [PATCH 2/2] proc,security: move restriction on writing /proc/pid/attr nodes to proc
Date: Mon, 19 Dec 2016 20:30:25 -0500 [thread overview]
Message-ID: <CAHC9VhRcHxEMjTwjq6ZiAjHcAyveWOnRdRayoq86tdUsD_OdMw@mail.gmail.com> (raw)
In-Reply-To: <28224bb8-425e-5dec-472f-105c5cd7e098@schaufler-ca.com>
On Fri, Dec 16, 2016 at 5:13 PM, Casey Schaufler <casey@schaufler-ca.com> wrote:
> On 12/16/2016 2:06 PM, Paul Moore wrote:
>> On Fri, Dec 16, 2016 at 12:41 PM, Stephen Smalley <sds@tycho.nsa.gov> wrote:
>>> Processes can only alter their own security attributes via
>>> /proc/pid/attr nodes. This is presently enforced by each individual
>>> security module and is also imposed by the Linux credentials
>>> implementation, which only allows a task to alter its own credentials.
>>> Move the check enforcing this restriction from the individual
>>> security modules to proc_pid_attr_write() before calling the security hook,
>>> and drop the unnecessary task argument to the security hook since it can
>>> only ever be the current task.
>>>
>>> Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
>>> ---
>>> fs/proc/base.c | 13 +++++++++----
>>> include/linux/lsm_hooks.h | 3 +--
>>> include/linux/security.h | 4 ++--
>>> security/apparmor/lsm.c | 7 ++-----
>>> security/security.c | 4 ++--
>>> security/selinux/hooks.c | 13 +------------
>>> security/smack/smack_lsm.c | 11 +----------
>>> 7 files changed, 18 insertions(+), 37 deletions(-)
>> Looks good to me. I'm happy to pull this in via the SELinux tree
>> unless anyone else would rather take it?
>
> That works for me. It does need to go in atomically.
Even with all the discussion today, I still think this patch has value
and I don't believe it should impact the PTAGS work as there are
clearly larger issues that need to be resolved (e.g. reintroduce a
task based security blob?). Unless I hear any objections that this
will wreck everything for years to come (very doubtful), I'll go ahead
and merge this into the SELinux tree tomorrow.
--
paul moore
www.paul-moore.com
next prev parent reply other threads:[~2016-12-20 1:30 UTC|newest]
Thread overview: 48+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-12-16 17:41 [PATCH 1/2] selinux: clean up cred usage and simplify Stephen Smalley
2016-12-16 17:41 ` [PATCH 2/2] proc, security: move restriction on writing /proc/pid/attr nodes to proc Stephen Smalley
2016-12-16 18:38 ` [PATCH 2/2] proc,security: " Casey Schaufler
2016-12-16 19:06 ` John Johansen
2016-12-16 22:06 ` Paul Moore
2016-12-16 22:13 ` Casey Schaufler
2016-12-20 1:30 ` Paul Moore [this message]
2016-12-20 1:51 ` Casey Schaufler
2016-12-20 10:36 ` José Bollo
2016-12-20 11:13 ` [PATCH 2/2] proc, security: " Tetsuo Handa
2016-12-20 12:14 ` [PATCH 2/2] proc,security: " José Bollo
2016-12-19 9:44 ` José Bollo
2016-12-19 14:33 ` Stephen Smalley
2016-12-19 15:00 ` José Bollo
2016-12-19 15:41 ` José Bollo
2016-12-19 15:52 ` Stephen Smalley
2016-12-19 16:32 ` Casey Schaufler
2016-12-19 17:09 ` Stephen Smalley
2016-12-19 18:00 ` Casey Schaufler
2016-12-19 18:18 ` José Bollo
2016-12-19 18:12 ` José Bollo
2016-12-19 20:36 ` John Johansen
2016-12-19 21:25 ` Casey Schaufler
2016-12-19 21:46 ` [PATCH 2/2] proc, security: move restriction on writing/proc/pid/attr " Tetsuo Handa
2016-12-19 21:50 ` [PATCH 2/2] proc,security: move restriction on writing /proc/pid/attr " Stephen Smalley
2016-12-19 22:31 ` Casey Schaufler
2016-12-19 22:45 ` John Johansen
2016-12-19 22:49 ` Casey Schaufler
2016-12-20 1:27 ` Paul Moore
2016-12-20 1:23 ` Paul Moore
2016-12-20 1:59 ` Casey Schaufler
2016-12-20 14:40 ` José Bollo
2016-12-20 16:21 ` Casey Schaufler
2016-12-20 16:14 ` Stephen Smalley
2016-12-20 16:39 ` José Bollo
2016-12-20 16:50 ` Stephen Smalley
2016-12-20 18:17 ` Casey Schaufler
2016-12-20 18:28 ` Stephen Smalley
2016-12-20 19:07 ` Casey Schaufler
2016-12-20 19:35 ` Stephen Smalley
2016-12-20 20:03 ` Casey Schaufler
2016-12-20 21:22 ` José Bollo
2016-12-20 21:35 ` Stephen Smalley
2016-12-20 21:38 ` John Johansen
2016-12-21 2:37 ` Paul Moore
2016-12-21 7:04 ` José Bollo
2016-12-21 15:15 ` Paul Moore
2016-12-16 22:02 ` [PATCH 1/2] selinux: clean up cred usage and simplify Paul Moore
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAHC9VhRcHxEMjTwjq6ZiAjHcAyveWOnRdRayoq86tdUsD_OdMw@mail.gmail.com \
--to=paul@paul-moore.com \
--cc=casey@schaufler-ca.com \
--cc=james.l.morris@oracle.com \
--cc=john.johansen@canonical.com \
--cc=linux-security-module@vger.kernel.org \
--cc=sds@tycho.nsa.gov \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.