Re: [1/1][PATCH] nproc v2: netlink access to /proc information
From: Chris Wright
Date: Thu Sep 09 2004 - 16:25:36 EST
* Roger Luethi (rl@xxxxxxxxxxx) wrote:
> On Thu, 09 Sep 2004 16:01:06 -0400, Stephen Smalley wrote:
> > > For the same reason, I'm not comfortable with implementing SELinux type
> > > access controls myself. How about:
> > >
> > > config NPROC
> > > depends on !SECURITY_SELINUX
> > >
> > > Adding access control later won't be a problem for anyone who groks
> > > SELinux.
> >
> [...]
> > Most obvious place to hook would be nproc_ps_get_task; we could then
> > perform a check based on the sender's credentials and the target task's
> > credentials, and simply return NULL if permission is not granted for
> > that pair, thus skipping that task as if it didn't exist. That requires
> > propagating the sender's credentials down to that function.
> >
> > Untested patch below.
>
> I used a somewhat different approach in my development tree (not
> SELinuxy, though): Most fields were world readable, some required
> credentials.
>
> I don't have any strong feelings on access control, so I'd be happy
> with any mechanism that doesn't completely botch performance. Anyway,
> I do not consider lack of access controls to be a showstopper.
Some of these things become quite sensitive, esp across setuid, etc.
For prototyping, I agree, not a showstopper. For merging, it should be
figured out properly.
thanks,
-chris
--
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/