Re: Walking a wait_queue_t list of tasks blocked on pipe
From: W. Michael Petullo
Date: Thu Jan 14 2016 - 16:45:24 EST
>> I am trying to write code to walk a wait_queue_t list as part of a LSM
>> file_permission function. The purpose is to act on each task which has
>> blocked while trying to read from a pipe.
> Just don't do that..
What we are trying to do is implement a research prototype for a simple
information-flow system using LSM. The idea is that processes become
tainted when they read objects marked as confidential and such processes
taint other processes based on further interaction.
The problem is that process A could open and block on reading
FIFO F before tainted process B writes to F (and causes F to become
confidential). Since A's LSM hooks fire off before it blocks, A could
end up reading confidential data without itself being tainted.
So it seems that I need to either walk the list of blocked processes,
possibly tainting them, or insert a new LSM hook into pipe.c to support
rechecking the confidentiality level of the pipe after waking up but
before reading.
If this all seems a little crazy it is because we are early in the
prototyping process.
Thank you,
--
Mike
:wq