Re: [PATCH] Add in_execve flag into task_struct.

[Shaya Potter]

Serge E. Hallyn wrote:
> Quoting Tetsuo Handa (penguin-kernel@xxxxxxxxxxxxxxxxxxx):
>> Serge,
>>
>> James is now reviewing TOMOYO Linux patch and he is caring about
>> your comment below.
>>
>> Serge E. Hallyn wrote:
>>> I don't like the 'in_exec' bit in the task_struct, but adding LSM hooks
>>> to let just TOMOYO mark whether you're in exec seems even uglier.
>> Let me (once again) ask your comment on 'in_exec' approach
>> originally suggested by David Howells ( http://lkml.org/lkml/2008/10/2/127 ).
> 
> I still don't like it.  Now I gather the reason for this is that you
> want to allow a less trusted domain to execute a file (in a new domain)
> without giving it the right to read it?  I'd be interested in hearing
> whether others think that's a worthy goal.

I assume this has been asked and answered by whats the advantage of this
in_exec flag over a single function that set the security domain, oncee
at the beginning of exec to set the new domain (B) and once in the
fail/exit path to reset it back (to A) in case of failure.

the only difference I can see is that you want what is basically a 3rd
security domain of "execing B".

The question would then be, why is "execing B" different than B itself?

otherwise, the same changes you do to set/unset the in_exec flag could
be used to set and reset the security domains.

it just seems weird to say that we are technically in security domain A,
but are going to treat the process as if its in security domain B when
you can just as easily put it in security domain B and put it back in
security domain A if the operation fails.

but again, I could very well be missing something.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/