Re: [RFC] Privilege dropping security module

From: Andy Spencer
Date: Sat Sep 26 2009 - 17:12:32 EST

Next message: Yakov Lerner: "[PATCH] /proc/net/tcp, overhead removed"
Previous message: Joe Cao: "Re: TCP stack bug related to F-RTO?"
In reply to: David Wagner: "Re: [RFC] Privilege dropping security module"
Next in thread: David Wagner: "Re: [RFC] Privilege dropping security module"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> As a result, in practice this interface to dpriv probably means that
> most implemented policies will be more permissive than
> intended/desired. I consider that a defect in the design of the
> specification language. It seems like it would be preferable to have
> a specification language that better facilitates secure use of dpriv.

What would you suggest as a better specification language? Would it be
sufficient to have recursive and non recursive variants for masking
permissions?

There's an implementation problem with using recursive permissions and
expanding * in userspace as well. If the user allows access to `foo' and
denies access to `foo/*', and later creates new entry of `foo/bar', the
new entry would have access allowed, which would probably not reflect
the users intent.

Attachment: pgp00000.pgp
Description: PGP signature

Next message: Yakov Lerner: "[PATCH] /proc/net/tcp, overhead removed"
Previous message: Joe Cao: "Re: TCP stack bug related to F-RTO?"
In reply to: David Wagner: "Re: [RFC] Privilege dropping security module"
Next in thread: David Wagner: "Re: [RFC] Privilege dropping security module"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]