Re: [PATCH 00/11] cross rename v3
From: Tetsuo Handa
Date: Mon Jan 13 2014 - 17:05:27 EST
Miklos Szeredi wrote:
> Cross rename (A, B) is equivalent to plain rename(A, B) + plain rename
> (B, A) done as a single atomic operation. If security module allows
> both then cross rename is allowed. If at least one is denied then the
> cross rename is denied.
Yes, the functionality itself is fine. The problem is how LSM users check
their permissions for the functionality.
>
> This is prepared for in "[PATCH 06/11] security: add flags to rename
> hooks" and actually done in "[PATCH 07/11] vfs: add cross-rename".
>
> Security people are free to implement a explicit security check for
> cross rename, but I don't think that is in the scope of this patchset.
>
I don't know how their permissions are checked, but I think that
swapping /A/B and /C/D should check not only
Remove a name from directory A
Add a name to directory C
but also
Add a name to directory A
Remove a name from directory C
using their security labels.
Without making changes to security/*/ directory, SELinux/SMACK/TOMOYO/AppArmor
might fail to check the latter permissions. Please get confirmation from LSM
people before you merge this change to linux-next tree.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/