Message-ID: <CAB9W1A0o+U+R3dXhjjskdy6VYL14ANRvq1HSjYw+PuOURmrSEQ@mail.gmail.com>
Date: Wed, 26 Sep 2018 21:53:47 -0400
From: Stephen Smalley <stephen.smalley@...il.com>
To: "Schaufler, Casey" <casey.schaufler@...el.com>
Cc: kernel-hardening@...ts.openwall.com,
Linux Kernel <linux-kernel@...r.kernel.org>, linux-security-module@...r.kernel.org,
selinux@...ho.nsa.gov, dave.hansen@...el.com, deneen.t.dock@...el.com,
kristen@...ux.intel.com, arjan@...ux.intel.com
Subject: Re: [PATCH v5 3/5] SELinux: Prepare for PTRACE_MODE_SCHED
On Wed, Sep 26, 2018, 4:35 PM Casey Schaufler <casey.schaufler@...el.com>
wrote:
> From: Casey Schaufler <casey@...aufler-ca.com>
>
> A ptrace access check with mode PTRACE_MODE_SCHED gets called
> from process switching code. This precludes the use of audit or avc,
> as the locking is incompatible. The only available check that
> can be made without using avc is a comparison of the secids.
> This is not very satisfactory as it will indicate possible
> vulnerabilities much too aggressively.
>
We already have a flag to disable audit. What locking conflict is presented
by the avc, which uses rcu?
> Signed-off-by: Casey Schaufler <casey.schaufler@...el.com>
> ---
> security/selinux/hooks.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
> index ad9a9b8e9979..160239791007 100644
> --- a/security/selinux/hooks.c
> +++ b/security/selinux/hooks.c
> @@ -2267,6 +2267,8 @@ static int selinux_ptrace_access_check(struct
> task_struct *child,
> u32 sid = current_sid();
> u32 csid = task_sid(child);
>
> + if (mode & PTRACE_MODE_SCHED)
> + return sid == csid ? 0 : -EACCES;
> if (mode & PTRACE_MODE_READ)
> return avc_has_perm(&selinux_state,
> sid, csid, SECCLASS_FILE, FILE__READ,
> NULL);
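Review bot: The new early return for PTRACE_MODE_SCHED turns a policy-mediated access decision into a raw secid equality test: two tasks with the same SELinux context always pass and two with different contexts always fail, regardless of what the loaded policy allows between them, which is the over-aggressive behaviour the commit message itself acknowledges. If the avc really cannot be consulted on this path, the check deserves an in-code comment stating the locking constraint and that the result is deliberately coarser than the avc_has_perm() decisions that follow it, since nothing in the hunk explains why `return sid == csid ? 0 : -EACCES;` sits ahead of the PTRACE_MODE_READ branch.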
> --
> 2.17.1
>
>