Re: [GIT] Security updates for 3.3: SELinux

From: J. R. Okajima
Date: Tue Jan 17 2012 - 09:28:22 EST

Next message: Cyrill Gorcunov: "[RFC] syscalls, x86: Add __NR_kcmp syscall"
Previous message: Sha: "Re: [patch 2/2] mm: memcg: hierarchical soft limit reclaim"
Next in thread: Eric Paris: "Re: [GIT] Security updates for 3.3: SELinux"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

James Morris:
> Eric Paris (12):
:::
> capabitlies: ns_capable can use the cap helpers rather than lsm call

After this commit, I am afraid access(2) on NFS may not work correctly.
The scenario based upon my guess.
- access(2) overrides the credentials.
- calls inode_permission() -- ... -- generic_permission() --
ns_capable().
- while the old ns_capable() calls security_capable(current_cred()), the
new ns_capable() calls has_ns_capability(current) --
security_capable(__task_cred(t)).

current_cred() returns current->cred which is effective (overridden)
credentials, but __task_cred(current) returns current->real_cred (the
NFSD's credential). And the overridden credentials by access(2) lost.

Is my guess correct?

J. R. Okajima
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Cyrill Gorcunov: "[RFC] syscalls, x86: Add __NR_kcmp syscall"
Previous message: Sha: "Re: [patch 2/2] mm: memcg: hierarchical soft limit reclaim"
Next in thread: Eric Paris: "Re: [GIT] Security updates for 3.3: SELinux"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]