Re: [patch 01/15] security: pass path to inode_create

[Toshiharu Harada]

2008/6/3 Evgeniy Polyakov <johnpol@xxxxxxxxxxx>:
> On Mon, Jun 02, 2008 at 12:55:33PM +0200, Miklos Szeredi (miklos@xxxxxxxxxx) wrote:
>> Oh, I've been told.  But valid technical reason given?  No.
>
> This is a really interesting flame, can you proceed,
> we will run for cola and peanuts :)

Let me quote a message by Chris Wright from LSM ml:
"You cannot discover the path used to access an inode without knowing
both the dentry and the vfsmount objects. "

Another one by Stephen Smalley:
"Pathname-based security considered harmful.  You want to control access
to an object, not a name, and the name-to-object mapping is neither
one-to-one nor immutable."

Can you guess when they were posted?
The answer is December 2003. :)
Do we need more time? I don't think so.

I'm viewing Miklos' patches as *enhancements* not only for AppArmor (and
other pathname-based LSM modules). Everyone can make use of
information and lose nothing.  Am I too simple minded?

> For the technical reason: in case of stackable/bind, which path should
> be checked? Whatever answer is, there will always be another party,
> which wants different behaviour.

-- 
Toshiharu Harada
haradats@xxxxxxxxx
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/