[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: pidof -c fails under FC6/strict



On Fri, 2007-01-19 at 11:11 -0800, Ulrich Drepper wrote:
> Stephen Smalley wrote:
> > In the future, I'd like to see proc permission checking revised to
> > distinguish read-only access to process state vs. full ptrace access.
> 
> That would have to be much more detailed than just read/writer vs
> read-only.  ptrace reads can leak information (especially a no-no for
> MLS but also for normal operation).  For instance, you don't want to
> allow poking a process to get randomization values/seeds like the one
> used for pointer encryption.
> 
> So, you'd have to go into great detail and maybe even split the
> functionality of a single ptrace or /proc operation in minute parts
> which might or might not be allowed.

Understood, but the current situation leads to overly permissive policy
(or excessive use of dontaudits and limited functionality) just to give
some visibility into the process state.  Having to allow domain A full
ptrace control over domain B just to let domain A see some of domain
B's /proc/pid state is overkill.

-- 
Stephen Smalley
National Security Agency


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]