Re: [AppArmor 00/44] AppArmor security module overview
From: Kyle Moffett
Date: Wed Jun 27 2007 - 06:59:20 EST
On Jun 26, 2007, at 22:24:03, John Johansen wrote:
other issues that have been raised are:
- the use of d_path to generate the pathname used for mediation when a
file is opened.
- Generating the pathname using a reverse walk is considered ugly
A little more than "ugly". In this basic concurrent rename() and
path-lookup load:
mkdir -p /a/b/0
mkdir -p /a/b/2
mkdir -p /c
touch /a/b/0/1
cd /a/b
while true; mv 0/1 2/3; mv 2/3 0/1; done &
cd /
while true; do mv a/b c/d; mv c/d a/b; done &
while true; do cat a/b/0/1 & done
while true; do cat a/b/2/3 & done
while true; do cat c/d/0/1 & done
while true; do cat c/d/2/3 & done
I seem to recall you could actually end up racing and building a path
to the file in those directories as "a/d/0/3" or some other path at
which it never even remotely existed. I'd love to be wrong, but I
can't help but see this problem in any reverse-pathname-generation
proposal which gets the locking right.
Cheers,
Kyle Moffett
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/