Re: [1/1][PATCH] nproc v2: netlink access to /proc information

From: Chris Wright
Date: Thu Sep 09 2004 - 15:57:30 EST

Next message: George Anzinger: "Re: [RFC][PATCH] new timeofday core subsystem (v.A0)"
Previous message: Makan Pourzandi: "Re: [ANNOUNCE] Release Digsig 1.3.1: kernel module for run-time authenticationof binaries"
In reply to: Stephen Smalley: "Re: [1/1][PATCH] nproc v2: netlink access to /proc information"
Next in thread: Stephen Smalley: "Re: [1/1][PATCH] nproc v2: netlink access to /proc information"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* Stephen Smalley (sds@xxxxxxxxxxxxxx) wrote:
> Well, it isn't that easy, or at least I don't think it is. The problem
> is that there is no way presently to convey the sender's security
> credentials (beyond the existing uid, cap information), since the LSM
> patches for adding security fields and hooks for managing skb security
> fields were rejected. The best we can do at present is pass along the
> sender pid, uid, and cap, and the security module can look up the pid if
> it chooses to get the security field (but is naturally subject to races
> in that situation).
>
> Most obvious place to hook would be nproc_ps_get_task; we could then
> perform a check based on the sender's credentials and the target task's
> credentials, and simply return NULL if permission is not granted for
> that pair, thus skipping that task as if it didn't exist. That requires
> propagating the sender's credentials down to that function.
>
> Untested patch below.
>
> Index: linux-2.6/include/linux/security.h
> ===================================================================
> RCS file: /nfshome/pal/CVS/linux-2.6/include/linux/security.h,v
> retrieving revision 1.37
> diff -u -p -r1.37 security.h
> --- linux-2.6/include/linux/security.h 16 Jun 2004 14:49:42 -0000 1.37
> +++ linux-2.6/include/linux/security.h 9 Sep 2004 19:38:23 -0000
> @@ -632,6 +632,13 @@ struct swap_info_struct;
> * security attributes, e.g. for /proc/pid inodes.
> * @p contains the task_struct for the task.
> * @inode contains the inode structure for the inode.
> + * @task_getstate:
> + * Check permission before getting the state of a task.
> + * @pid contains the pid of the requesting process.
> + * @p contains the task_struct for the target task.
> + * @uid contains the uid of the requesting process.
> + * @caps contains the capability set of the requesting process.
> + * Return 0 if permission is granted.

Why caps?

thanks,
-chris
--
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: George Anzinger: "Re: [RFC][PATCH] new timeofday core subsystem (v.A0)"
Previous message: Makan Pourzandi: "Re: [ANNOUNCE] Release Digsig 1.3.1: kernel module for run-time authenticationof binaries"
In reply to: Stephen Smalley: "Re: [1/1][PATCH] nproc v2: netlink access to /proc information"
Next in thread: Stephen Smalley: "Re: [1/1][PATCH] nproc v2: netlink access to /proc information"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]