[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Another slab size-32 leak 2.6.16-rc4-mm2

On Mon, Mar 06, 2006 at 10:20:05AM -0500, Stephen Smalley wrote:
> But ipcperms() isn't called on every IPC operation, in particular not
> for the ones that apply uid ownership or capability tests rather than
> mode checks, e.g. SHM_LOCK/UNLOCK.  Compare the coverage of the
> security_* hooks in the ipc code against the audit-related hooks.

SHM_LOCK/UNLOCK doesn't look like an "operation on an object" from the
LSPP point of view (it doesn't read, write, create, destroy, change
permissions, or similar things), so I don't see a need to audit that one.
There may be a need to add new hooks for specific functions if they turn
out to require auditing, but offhand I'm not aware of any.

> That is why I suggested making a call to some audit hook for collecting
> the IPC object context from every selinux_* IPC hook - that ensures
> coverage without requiring additional audit hooks.

Keep in mind that LSPP requires audit records (including object labels)
for unsuccessful operations, and as far as I know an access request
that's rejected by DAC permissions won't call the selinux hook.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]