linux-kernel April 2007 archive
Main Archive Page > Month Archives  > linux-kernel archives
linux-kernel: Re: [AppArmor 31/41] Fix __d_path() for lazy unmou

Re: [AppArmor 31/41] Fix __d_path() for lazy unmounts and make it unambiguous; exclude unreachable mount points from /proc/mounts

From: Rob Meijer <capibara_at_nospam>
Date: Tue Apr 17 2007 - 06:30:53 GMT
To: "Alan Cox" <alan@lxorguk.ukuu.org.uk>


On Mon, April 16, 2007 23:57, Alan Cox wrote:
>> > That is a fairly significant and sudden change to the existing
>> > kernel/user interface.
>>
>> Well, this is not meant for 2.6.21. I hope it is possible to change it
>> in
>> early 2.6.22; otherwise if we can't fix mistakes from the past we are
>> pretty
>> doomed.
>
> I don't believe the existing behaviour _IS_ a mistake.
>
>> > This is untrue. The process can get there (via fd passing with another
>> > task)
>>
>> Process can access file descriptors which are unreachable via path name
>> just
>> fine indeed, but those fds still don't have a valid path in the context
>> of
>> that process.
>
> Which while problematic to your name based security is just fine to
> everything else.

The realisation that I feel needs to be made is that fd passing is a legitimate transfer of authority, and attempting to block the usage of this authority (or block the transfer of this authority) would be extremely bad.

One thing however that does need some major attention is the amounth of and the scope of the authority that is being transfered with directory file handles.

-
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html