[redhat-lspp] Objects

[Stephen Smalley]

On Mon, 2005-09-19 at 15:51 -0400, Steve Grubb wrote:
> I have finished reviewing all the LSPP/RBAC requirements. During the process, 
> I found a new system resource that might be considered an object. There is a 
> new api for managing keys in the kernel. The keys can be for a thread, 
> process, session, user, or group. It is manipulated via keyctl. I was 
> wondering if this needs to be labeled and treated like any other object?

IMHO, yes.  The need to consider LSM/SELinux was raised when the key
support was originally proposed on linux-kernel, but I guess we weren't
heeded.  Looks like one would need to add a security field to the key
structure, and modify the permission checking functions in
include/linux/key-ui.h to invoke a LSM hook as well.

> Also, how do we feel about signals? They are used as IPC mechanisms and there 
> are DAC checks before allowing the signal to be delivered. Are these labeled? 
> Would these be considered objects? Would it be reasonable to protect secure 
> apps from being sent a signal from any old root process?

Signals aren't objects, but signal delivery is mediated by LSM/SELinux,
based on the process labels.

-- 
Stephen Smalley
National Security Agency