[redhat-lspp] Objects
Stephen Smalley
sds at tycho.nsa.gov
Mon Sep 19 20:06:58 UTC 2005
On Mon, 2005-09-19 at 15:51 -0400, Steve Grubb wrote:
> I have finished reviewing all the LSPP/RBAC requirements. During the process,
> I found a new system resource that might be considered an object. There is a
> new api for managing keys in the kernel. The keys can be for a thread,
> process, session, user, or group. It is manipulated via keyctl. I was
> wondering if this needs to be labeled and treated like any other object?
IMHO, yes. The need to consider LSM/SELinux was raised when the key
support was originally proposed on linux-kernel, but I guess we weren't
heeded. Looks like one would need to add a security field to the key
structure, and modify the permission checking functions in
include/linux/key-ui.h to invoke a LSM hook as well.
> Also, how do we feel about signals? They are used as IPC mechanisms and there
> are DAC checks before allowing the signal to be delivered. Are these labeled?
> Would these be considered objects? Would it be reasonable to protect secure
> apps from being sent a signal from any old root process?
Signals aren't objects, but signal delivery is mediated by LSM/SELinux,
based on the process labels.
--
Stephen Smalley
National Security Agency
More information about the redhat-lspp
mailing list