[redhat-lspp] write access to /selinux/avc/cache_threshold

Klaus Weidner klaus at atsec.com
Thu Apr 19 14:05:06 UTC 2007


On Wed, Apr 18, 2007 at 04:20:34PM -0400, Daniel J Walsh wrote:
> Eric Paris wrote:
> >Well the implementation sees this as 2 different operations.  The open
> >is taken care of entirely by standard VFS security hooks.  AKA does your
> >shell (staff_r) have permission to open a system_u:object_r:security_t
> >file with write.  Apparently policy says that it does and I see no
> >reason why that couldn't be 'fixed' thus solving your inquiry.  Dan?
>
> Checks in SELinux happen on read/write not on open.

Argh, that approach would be a major problem for the LSPP evaluations...
When we were classifying the security relevance of system calls, the
basic assumption was that the security critical check happens when
opening the file, and any additional checks for read/write add additional
restrictions that aren't relevant for LSPP compliance.

Based on what Eric says, that should at least be the case for the MLS and
object type based checks, since the full information about the labels is
available to the open() check. 

I'm not convinced that the read()/write() checks are reliable since there
are multiple alternative interfaces such as splice(), and for example I
didn't see an obvious LSM hook in net/ipv4/tcp.c:do_tcp_sendpages().

-Klaus
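The question in this thread is whether the decisive permission check happens at open() or at each read()/write(), and whether alternative data paths such as splice() are covered at all. An added example, not part of the thread or of any SELinux or kernel code: a small C probe that opens a file read/write and then pushes the same bytes to it through three different kernel paths, recording errno for each. Running it as the confined user against the file in question (the path is an argument; the test below uses an ordinary temporary file) and comparing the results with the AVC denials in the audit log shows which of the paths the policy actually gates. The `probe_write_paths` function, its result struct, and the `probe\n` payload are constructed for this example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <unistd.h>

/* One field per write path; 0 means the call succeeded, otherwise the errno seen. */
struct path_probe {
    int open_err;    /* open(2) itself: the check the open-time model relies on */
    int write_err;   /* write(2): file_permission hook runs on every call */
    int splice_err;  /* splice(2) from a pipe: a separate kernel path into the file */
    int mmap_err;    /* store through a MAP_SHARED mapping: checked at mmap time only */
};

static int err_of(long rc) { return rc < 0 ? errno : 0; }

/* Open `path` for writing and try the same payload through three paths. */
struct path_probe probe_write_paths(const char *path)
{
    static const char payload[] = "probe\n";   /* constructed test payload */
    const size_t n = sizeof payload - 1;
    struct path_probe r = {0, 0, 0, 0};

    int fd = open(path, O_RDWR);
    if (fd < 0) {
        r.open_err = errno;
        r.write_err = r.splice_err = r.mmap_err = EBADF;   /* nothing to try */
        return r;
    }

    /* path 1: ordinary write(2) */
    r.write_err = err_of(write(fd, payload, n));

    /* path 2: splice(2) pipe -> file; the bytes never go through write(2) on fd */
    int pfd[2];
    if (pipe(pfd) < 0) {
        r.splice_err = errno;
    } else {
        if (write(pfd[1], payload, n) < 0)
            r.splice_err = errno;
        else
            r.splice_err = err_of(splice(pfd[0], NULL, fd, NULL, n, 0));
        close(pfd[0]);
        close(pfd[1]);
    }

    /* path 3: map the file MAP_SHARED and store into it; once mmap() succeeds,
     * no per-operation hook sees the individual stores */
    struct stat st;
    if (fstat(fd, &st) < 0) {
        r.mmap_err = errno;
    } else if (st.st_size == 0) {
        r.mmap_err = ENODATA;   /* empty file: skip rather than risk SIGBUS */
    } else {
        size_t len = (size_t)st.st_size;
        char *m = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
        if (m == MAP_FAILED) {
            r.mmap_err = errno;
        } else {
            m[0] = 'P';                       /* the store itself has no errno */
            r.mmap_err = err_of(msync(m, len, MS_SYNC));
            munmap(m, len);
        }
    }
    close(fd);
    return r;
}

static void report(const char *label, int e)
{
    printf("%-7s %s\n", label, e ? strerror(e) : "ok");
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s <file>\n", argv[0]);
        return 2;
    }
    struct path_probe r = probe_write_paths(argv[1]);
    report("open", r.open_err);
    report("write", r.write_err);
    report("splice", r.splice_err);
    report("mmap", r.mmap_err);
    return 0;
}
```

If open() is denied, all four lines report the same failure, which is the behaviour the LSPP classification assumes; if open() succeeds but only some of the later paths fail, the policy is relying on per-operation hooks and the uncovered path is the one to look at in the audit log.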
