kernel file handle leak?
Stephen Smalley
sds at epoch.ncsc.mil
Tue Aug 17 12:32:22 UTC 2004
On Tue, 2004-08-17 at 07:27, Stephen Smalley wrote:
> I've seen udev leaking a descriptor to a Unix datagram socket to its
> helper programs, but that is usually labeled udev_t (but would be
> kernel_t if you didn't install the udev policy or label udev properly,
> so that kernel_t failed to transition to udev_t when running udev).
>
> I've also seen the kernel leaking descriptors to rootfs entries unpacked
> from the initramfs to all processes; SELinux stomps on those and resets
> them to the null device.
BTW, I don't know whether the udev helper socket inheritance is
intentional (e.g. to collect output from the helper program) or an
accident - I haven't looked at the code.
--
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency