On Mon, Aug 31, 2015 at 9:22 AM, David Herrmann <[email protected]> wrote: > Hi > > On Mon, Aug 31, 2015 at 5:37 PM, Andy Lutomirski <[email protected]> wrote: >> On Mon, Aug 24, 2015 at 2:52 AM, David Herrmann <[email protected]> >> wrote: >>> On Mon, Aug 10, 2015 at 4:42 AM, Andy Lutomirski <[email protected]> >>> wrote: >>>> I haven't checked the context in which it's used, but in order for >>>> kdbus_proc_permission to do what it claims to do, it appears to be >>>> missing calls to security_inode_permission and >>>> security_file_permission. >>> >>> Both are expected to be added by lsm patches (both hooks you mentioned >>> are empty if no lsm is selected). >> >> Will that mean that existing MAC policies stop being fully enforced >> (in effect) if kdbus is installed? > > It means kdbus messages carry information about the sender, which LSMs > might prevent you to read via /proc. Just like you can send dbus > messages to a peer, which LSM-enhanced dbus-daemon might not allow.
It's a security-sensitive function that doesn't do what the name and description suggest. Whether that's an active problem or not is unknown, but it's certainly a maintainability problem. > If > you use LSMs, we clearly advise you to wait for kdbus to gain LSM > support. We explicitly support legacy dbus1-compat for exactly such > reasons. This is not an acceptable attitude for security. There are so many things wrong with your statement that I'll limit myself to one of them: Fedora 23/Rawhide, which is the *reference* platform, uses SELinux. --Andy > > Thanks > David -- Andy Lutomirski AMA Capital Management, LLC -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
