Re: [PATCH 00/11] cross rename v3

[Miklos Szeredi]

On Mon, Jan 13, 2014 at 11:03 PM, Tetsuo Handa
<penguin-kernel@xxxxxxxxxxxxxxxxxxx> wrote:
> Miklos Szeredi wrote:
>> Cross rename (A, B) is equivalent to plain rename(A, B) + plain rename
>> (B, A) done as a single atomic operation.  If security module allows
>> both then cross rename is allowed.  If at least one is denied then the
>> cross rename is denied.
>
> Yes, the functionality itself is fine. The problem is how LSM users check
> their permissions for the functionality.
>
>>
>> This is prepared for in "[PATCH 06/11] security: add flags to rename
>> hooks" and actually done in "[PATCH 07/11] vfs: add cross-rename".
>>
>> Security people are free to implement a explicit security check for
>> cross rename, but I don't think that is in the scope of this patchset.
>>
> I don't know how their permissions are checked, but I think that
> swapping /A/B and /C/D should check not only
>
>   Remove a name from directory A
>   Add a name to directory C
>
> but also
>
>   Add a name to directory A
>   Remove a name from directory C
>
> using their security labels.
>
> Without making changes to security/*/ directory, SELinux/SMACK/TOMOYO/AppArmor
> might fail to check the latter permissions.

Those permissions will be checked.   Please see security/security.c in
patch 07/11 of the series.

Of course, review is appreciated.

Thanks,
Miklos
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/