Re: [PATCH v2] exec: Set file unwritable before LSM check

2018-03-18 Thread James Morris
On Fri, 9 Mar 2018, Kees Cook wrote:
> The LSM check should happen after the file has been confirmed to be
> unchanging. Without this, we could have a race between the Time of Check
> (the call to security_kernel_read_file() which could read the file and
> make access policy decisions) and the

Re: [PATCH v2] exec: Set file unwritable before LSM check

2018-03-12 Thread James Morris
On Fri, 9 Mar 2018, Kees Cook wrote:
> The LSM check should happen after the file has been confirmed to be
> unchanging. Without this, we could have a race between the Time of Check
> (the call to security_kernel_read_file() which could read the file and
> make access policy decisions) and the

Re: [PATCH v2] exec: Set file unwritable before LSM check

2018-03-09 Thread Mimi Zohar
On Fri, 2018-03-09 at 11:54 -0800, Kees Cook wrote:
> On Fri, Mar 9, 2018 at 11:47 AM, Linus Torvalds
> wrote:
> > On Fri, Mar 9, 2018 at 11:30 AM, Kees Cook wrote:
> >> The LSM check should happen after the file has been confirmed to be
> >> unchanging. Without this, we could have a race

Re: [PATCH v2] exec: Set file unwritable before LSM check

2018-03-09 Thread Kees Cook
On Fri, Mar 9, 2018 at 11:47 AM, Linus Torvalds wrote:
> On Fri, Mar 9, 2018 at 11:30 AM, Kees Cook wrote:
>> The LSM check should happen after the file has been confirmed to be
>> unchanging. Without this, we could have a race between the Time of Check
>> (the call to

Re: [PATCH v2] exec: Set file unwritable before LSM check

2018-03-09 Thread Linus Torvalds
On Fri, Mar 9, 2018 at 11:30 AM, Kees Cook wrote:
> The LSM check should happen after the file has been confirmed to be
> unchanging. Without this, we could have a race between the Time of Check
> (the call to security_kernel_read_file() which could read the file and
> make access policy