[redhat-lspp] [Fwd: [Bug 218500] New: LSPP: tkill and tgkill are allowed to kill lower level processes]

Daniel J Walsh dwalsh at redhat.com
Wed Dec 6 17:31:40 UTC 2006 

Patches accepted.  Looks like something in constraints is broken.

-------- Original Message --------
Subject: 	[Bug 218500] New: LSPP: tkill and tgkill are allowed to kill 
lower level processes
Date: 	Tue, 5 Dec 2006 14:26:53 -0500
From: 	bugzilla at redhat.com
To: 	dwalsh at redhat.com



Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.




https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=218500

           Summary: LSPP: tkill and tgkill are allowed to kill lower level
                    processes
           Product: Red Hat Enterprise Linux Public Beta
           Version: rhel5-beta2
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: normal
         Component: selinux-policy-strict
        AssignedTo: rcoker at redhat.com
        ReportedBy: kylene at us.ibm.com
                CC: dwalsh at redhat.com,iboverma at redhat.com,sgrubb at redhat.com
   Estimated Hours: 0.0


Description of problem:
The tkill and tgkill operations allow killing a process that is of lower level
than the subject.  This is against the BLP model.

Version-Release number of selected component (if applicable):
selinux-policy-mls-2.4.3-8.el5

How reproducible:
Trivial

Steps to Reproduce:
1. Create a simple infinite loop script #!/bin/sh while true; do a=1; done in
file called test.sh
2. chmod +x test.sh
3. chcon -l s0 test.sh
4. newrole -l s1
5. build and execute supplied testcase which execs test.sh and then attempts to
kill it with tkill.  To test tgkill change the comment in the test from the
tgkill line to the tkill line.
  
Actual results:
Able to kill the process

Expected results:
Shouldn't be able to kill the process.

Additional info:

------- Additional Comments From kylene at us.ibm.com  2006-12-05 14:26 EST -------
Created an attachment (id=142880)
 --> (https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=142880&action=view)
Testcase


-- 
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
You are on the CC list for the bug, or are watching someone who is.

More information about the redhat-lspp mailing list