Re: [patch] smack: remove unnecessary xattr checks

From: Miklos Szeredi
Date: Wed Jul 02 2008 - 03:31:12 EST

Next message: Kumar Gala: "Re: [PATCH] POWERPC CPM: Minor cosmetic changes to udbg_putc"
Previous message: Yinghai Lu: "[PATCH] x86: merge zones_sizes_init for numa and non numa on 32bit"
In reply to: Casey Schaufler: "Re: [patch] smack: remove unnecessary xattr checks"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 01 Jul 2008, Casey Schaufler wrote:
> I tried your patch without looking at it and found that
> getxattr is too permissive with your changes. I found that
>
> % ls -l foo
>
> will fail while
>
> % attr -S -g SMACK64 foo
>
> will succeed. Of course if stat() fails due to a Smack
> access check getxattr() ought to as well. So it would
> appear that the call to security_inode_permission is not
> sufficient.

Hmm, I missed the fact that security_inode_permission() is only called
for xattrs not in the speclial (security.*, system.*, trusted.*)
namespaces. So yes the patch is incorrect.

Thanks,
Miklos
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Kumar Gala: "Re: [PATCH] POWERPC CPM: Minor cosmetic changes to udbg_putc"
Previous message: Yinghai Lu: "[PATCH] x86: merge zones_sizes_init for numa and non numa on 32bit"
In reply to: Casey Schaufler: "Re: [patch] smack: remove unnecessary xattr checks"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]