[redhat-lspp] [Fwd: [Bug 218500] New: LSPP: tkill and tgkill are allowed to kill lower level processes]
Daniel J Walsh
dwalsh at redhat.com
Wed Dec 6 17:31:40 UTC 2006
Patches accepted. Looks like something in constraints is broken.
-------- Original Message --------
Subject: [Bug 218500] New: LSPP: tkill and tgkill are allowed to kill
lower level processes
Date: Tue, 5 Dec 2006 14:26:53 -0500
From: bugzilla at redhat.com
To: dwalsh at redhat.com
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=218500
Summary: LSPP: tkill and tgkill are allowed to kill lower level
processes
Product: Red Hat Enterprise Linux Public Beta
Version: rhel5-beta2
Platform: All
OS/Version: Linux
Status: NEW
Severity: normal
Priority: normal
Component: selinux-policy-strict
AssignedTo: rcoker at redhat.com
ReportedBy: kylene at us.ibm.com
CC: dwalsh at redhat.com,iboverma at redhat.com,sgrubb at redhat.com
Estimated Hours: 0.0
Description of problem:
The tkill and tgkill operations allow killing a process that is of lower level
than the subject. This is against the BLP model.
Version-Release number of selected component (if applicable):
selinux-policy-mls-2.4.3-8.el5
How reproducible:
Trivial
Steps to Reproduce:
1. Create a simple infinite loop script
   #!/bin/sh
   while true; do a=1; done
   in file called test.sh
2. chmod +x test.sh
3. chcon -l s0 test.sh
4. newrole -l s1
5. build and execute supplied testcase which execs test.sh and then attempts to
kill it with tkill. To test tgkill change the comment in the test from the
tgkill line to the tkill line.
Actual results:
Able to kill the process
Expected results:
Shouldn't be able to kill the process.
Additional info:
------- Additional Comments From kylene at us.ibm.com 2006-12-05 14:26 EST -------
Created an attachment (id=142880)
--> (https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=142880&action=view)
Testcase
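A minimal C reproducer along the lines of step 5, added here as an example; it is not the attachment (id=142880) from the bug report. The helper name signal_child and the PASS/FAIL wording are assumptions of this example; run it from the s1 shell opened in step 4, with test.sh in the current directory.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Example helper (hypothetical name): fork, exec argv[0] in the child, then
 * send SIGKILL with tkill or tgkill. Returns 1 if the child died from the
 * signal, 0 if the kernel refused it (errno in *err), -1 otherwise. */
int signal_child(char *const argv[], int use_tgkill, int *err)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execv(argv[0], argv);
        _exit(127);                 /* exec failed */
    }
    usleep(200 * 1000);             /* give the exec time to complete */
    /* The child is single-threaded, so its tid and tgid both equal pid. */
    long rc = use_tgkill ? syscall(SYS_tgkill, pid, pid, SIGKILL)
                         : syscall(SYS_tkill, pid, SIGKILL);
    *err = (rc == 0) ? 0 : errno;
    if (rc != 0)
        return 0;                   /* refused: the child is left running */
    int status;
    if (waitpid(pid, &status, 0) != pid)
        return -1;
    return (WIFSIGNALED(status) && WTERMSIG(status) == SIGKILL) ? 1 : -1;
}

int main(void)
{
    char *const target[] = { "./test.sh", NULL };   /* script from step 1 */
    const char *name[] = { "tkill", "tgkill" };
    for (int i = 0; i < 2; i++) {
        int err = 0;
        int r = signal_child(target, i, &err);
        if (r == 1)
            printf("%s: FAIL, lower-level process was killed\n", name[i]);
        else if (r == 0)
            printf("%s: PASS, signal refused (errno %d)\n", name[i], err);
        else
            printf("%s: inconclusive\n", name[i]);
    }
    return 0;
}
```

When the signal is refused the looping child keeps running and has to be cleaned up from a shell at its own level.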