Re: [patch 1/2] [RFC] Simple tamper-proof device filesystem.

From: Tetsuo Handa
Date: Mon Dec 17 2007 - 21:26:49 EST

Next message: NHA DAT SAI GON: "BAN CAN HO CAO CAP V-STAR (SAIGON) -CHI CON 2 CAN -GIA DAC BIET"
Previous message: Harvey Harrison: "Re: FInal kprobes rollup patches"
In reply to: Serge E. Hallyn: "Re: [patch 1/2] [RFC] Simple tamper-proof device filesystem."
Next in thread: serge: "Re: [patch 1/2] [RFC] Simple tamper-proof device filesystem."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello.

Serge E. Hallyn wrote:
> But your requirements are to ensure that an application accessing a
> device at a well-known location get what it expect.

Yes. That's the purpose of this filesystem.

> So then the main quesiton is still the one I think Al had asked - what
> keeps a rogue CAP_SYS_MOUNT process from doing
> mount --bind /dev/hda1 /dev/null ?

Excuse me, but I guess you meant "mount --bind /dev/ /root/" or something
because mount operation requires directories.
MAC can prevent a rogue CAP_SYS_MOUNT process from doing
"mount --bind /dev/ /root/".
For example, regarding TOMOYO Linux, you need to give
"allow_mount /dev/ /root/ --bind 0" permission
to permit "mount --bind /dev/ /root/" request.

Did you mean "ln -s /dev/hda1 /dev/null" or "ln /dev/hda1 /dev/null"?
No problem. MAC can prevent such requests too.

Regards.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: NHA DAT SAI GON: "BAN CAN HO CAO CAP V-STAR (SAIGON) -CHI CON 2 CAN -GIA DAC BIET"
Previous message: Harvey Harrison: "Re: FInal kprobes rollup patches"
In reply to: Serge E. Hallyn: "Re: [patch 1/2] [RFC] Simple tamper-proof device filesystem."
Next in thread: serge: "Re: [patch 1/2] [RFC] Simple tamper-proof device filesystem."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]