Re: [PATCH 4/6] Add dynamic context transition support to SELinux

[Stephen Smalley]

On Thu, 2004-12-02 at 14:18, Chris Wright wrote:
> No, I was thinking of actually tracking the threads, since you know when
> they come and go.  One way would be to share task_security_struct via
> refcnt for threads, although this could get sticky.

Hmm...that would be a significant change, and I'm not clear that the
existing security_task_alloc() hook even allows for it (no clone_flags
passed to it).  ptrace_sid could also be an issue for sharing.

Note that the mm checking logic is already after one permission check
(setcurrent), which will only be allowed to the small set of privileged
processes that use this feature.  That acts as the gatekeeper for any
use of this feature, then the dyntransition check controls the possible
transitions among security contexts using this feature.  In the case of
exec-based transitions, the corresponding transition check is deferred
until the actual exec processing.  So even as it stands, arbitrary
processes aren't allowed to reach the code in question, which is better
than the [gs]etpriority cases.

-- 
Stephen Smalley <sds@xxxxxxxxxxxxxx>
National Security Agency

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/