Re: [PATCH] Smack: Use secureexec with SMACK64EXEC
From: Sakkinen, Jarkko
Date: Thu Sep 22 2011 - 03:25:53 EST
On Wed, Sep 21, 2011 at 8:15 PM, Stephen Smalley <sds@xxxxxxxxxxxxx> wrote:
> bprm->unsafe isn't private to your security module, unlike e.g.
> bprm->cred->security. And it isn't intended to indicate that a
> secureexec is being performed, but instead as an indicator that a
> credential-changing exec may be unsafe. Which you presently ignore.
> Defining and setting a new flag in it will have interesting side
> effects, e.g. consider cap_bprm_secureexec, not to mention being a
> layering violation and a source of future conflicts.
>
> Why can't your bprm_secureexec hook just test isp->smk_task directly?
> It can reach it from the bprm. Or if you don't like testing it twice,
> then you could always add a flag to your struct referenced by
> bprm->cred->security, i.e. the smack_task struct.
Thank you. You're absolutely right on this and yes, I can
safely just use isp->smk_task. No need for that flag.
BTW, do you know why AppArmor does use similar flag
AA_SECURE_X_NEEDED?
> BTW, there is a lot more to do if you want SMACK64EXEC to be safe.
Can you open up this a bit?
/Jarkko
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/