Re: [PATCH ghak57 V1] selinux: format all invalid context as untrusted

From: Paul Moore
Date: Mon Jun 17 2019 - 18:06:51 EST

Next message: Rafael J. Wysocki: "Re: [PATCH v2 09/28] drivers: Add generic match helper by ACPI_COMPANION device"
Previous message: Evgenii Stepanov: "Re: [PATCH v17 03/15] arm64: Introduce prctl() options to control the tagged user addresses ABI"
Next in thread: Paul Moore: "Re: [PATCH ghak57 V1] selinux: format all invalid context as untrusted"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Jun 13, 2019 at 2:43 PM Richard Guy Briggs <rgb@xxxxxxxxxx> wrote:
>
> All instances of one field type should be encoded in the same way.
> Since some invalid_context fields can contain untrusted strings, encode
> all instances of this field the same way.
>
> Please see github issue
> https://github.com/linux-audit/audit-kernel/issues/57

It would be good to see a list of all the places we are using the
"invalid_context" field and some discussion about if those labels are
really "trusted" or "untrusted". In both the
compute_sid_handle_invalid_context() and security_sid_mls_copy() cases
below it would appear that the labels can be considered "trusted",
even if they are invalid. I understand your concern about logging
consistency with the "invalid_context" field, but without some further
discussion it is hard to accept this patch as-is.

--
paul moore
www.paul-moore.com

Next message: Rafael J. Wysocki: "Re: [PATCH v2 09/28] drivers: Add generic match helper by ACPI_COMPANION device"
Previous message: Evgenii Stepanov: "Re: [PATCH v17 03/15] arm64: Introduce prctl() options to control the tagged user addresses ABI"
Next in thread: Paul Moore: "Re: [PATCH ghak57 V1] selinux: format all invalid context as untrusted"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]