Message-id: <1432658555.1974.26.camel@samsung.com>
In-reply-to: <5564A088.4040507@tycho.nsa.gov>
Subject: Re: [PATCH v2 0/7] Smack namespace
From: Lukasz Pawelczyk
To: Stephen Smalley
Cc: "David S. Miller", "Eric W. Biederman", "Kirill A. Shutemov", "Serge E. Hallyn", Al Viro, Alexey Dobriyan, Andrew Morton, Andy Lutomirski, Casey Schaufler, David Howells, Fabian Frederick, Greg KH, James Morris, Jeff Layton, Jingoo Han, Joe Perches, John Johansen, Jonathan Corbet, Kees Cook, Mauro Carvalho Chehab, Miklos Szeredi, Oleg Nesterov, Paul Moore, Tetsuo Handa, Zefan Li, Rafal Krypa, linux-doc@vger.kernel.org, linux-api@vger.kernel.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, containers@lists.linux-foundation.org, Lukasz Pawelczyk
Date: Tue, 26 May 2015 18:42:35 +0200

On Tue, 2015-05-26 at 12:34 -0400, Stephen Smalley wrote:
> > On Tue, 2015-05-26 at 10:35 -0400, Stephen Smalley wrote:
> >> On 05/25/2015 08:32 AM, Lukasz Pawelczyk wrote:
> >
> > I call the inode operation by hand in the post_setxattr.
> >
> > The label will effectively be set twice, which is not ideal, but there
> > is no other option right now without reworking the hooks as you said.
> >
> > This shouldn't really be a problem because the Smack operations will not
> > use the filesystem label (even when it's set incorrectly for a moment)
> > but an already initialized smack_known structure for this inode that has
> > all the values filled in properly.
> >
> > The only attack vector I can think of is hard rebooting the machine in a
> > way that mapped label is really saved in the filesystem before the
> > unmapped will have a chance. Should I be worried about that? This sounds
> > a little unreal.
>
> If it were my security module, I would be worried about it. Even aside
> from maliciously induced failure, you are leaving yourself open to
> inconsistencies arising upon crashes. I would suggest modifying the
> setxattr hook so that the security module can override the original
> value/size pair with its own definition before it is passed to the inode
> operation. There is already precedent in that security modules are
> allowed to override the value/size returned by getxattr for security.*,
> so this just makes them fully parallel.

Will do. Thank you.

--
Lukasz Pawelczyk
Samsung R&D Institute Poland
Samsung Electronics
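
Added example, not part of the original message or of the Smack patch set: a userspace C model of the crash window discussed in the thread, comparing the "set twice" flow with the suggested flow where the hook overrides the value before the inode operation. The struct, the functions and the label names ("ns_label", "real_label", "old_real_label") are all constructed for illustration; none of this is kernel API.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model, not kernel code. disk_label is what survives a crash. */
struct inode_model { char disk_label[32]; };

/* Hypothetical namespace mapping: "ns_label" inside maps to "real_label". */
static const char *unmap_label(const char *mapped)
{
    return strcmp(mapped, "ns_label") == 0 ? "real_label" : mapped;
}

/* One xattr write; *budget = writes that complete before power loss (<0: no crash). */
static int persist(struct inode_model *in, const char *val, int *budget)
{
    if ((*budget)-- == 0)
        return -1;                      /* power lost before this write */
    snprintf(in->disk_label, sizeof(in->disk_label), "%s", val);
    return 0;
}

/* Thread's flow: inode op stores the mapped value, post hook then stores the unmapped one. */
static void set_twice(struct inode_model *in, const char *mapped, int budget)
{
    if (persist(in, mapped, &budget) == 0)
        persist(in, unmap_label(mapped), &budget);
}

/* Suggested flow: the hook replaces the value first, so only the unmapped one is written. */
static void set_overridden(struct inode_model *in, const char *mapped, int budget)
{
    persist(in, unmap_label(mapped), &budget);
}

/* Returns 1 if the label left on disk after the run is the mapped one. */
int mapped_label_on_disk(int use_override, int budget)
{
    struct inode_model in = { "old_real_label" };
    (use_override ? set_overridden : set_twice)(&in, "ns_label", budget);
    return strcmp(in.disk_label, "ns_label") == 0;
}

int main(void)
{
    for (int b = 0; b <= 2; b++)
        printf("writes before crash=%d twice=%d override=%d\n", b,
               mapped_label_on_disk(0, b), mapped_label_on_disk(1, b));
    return 0;
}
```

Only the set-twice flow interrupted after exactly one write leaves the mapped label on disk; the overriding flow leaves either the old or the new unmapped label at every crash point.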