On Thu, Nov 01, 2007 at 08:47:01AM -0500, Serge E. Hallyn wrote:
> > > >From 5bff8967f45a35f858b96ca673d9bf98eac53d49 Mon Sep 17 00:00:00 2001
> > > From: Serge E. Hallyn <[EMAIL PROTECTED]>
> > > Date: Wed, 31 Oct 2007 11:22:04 -0500
> > > Subject: [PATCH 1/1] file capabilities: allow sigcont with
Quoting David P. Quigley ([EMAIL PROTECTED]):
> Originally vfs_getxattr would pull the security xattr variable using
> the inode getxattr handle and then proceed to clobber it with a subsequent
> call
> to the LSM. This patch reorders the two operations such that when the xattr
> requested is in t
Quoting David P. Quigley ([EMAIL PROTECTED]):
> This patch modifies the interface to inode_getsecurity to have the function
> return a buffer containing the security blob and its length via parameters
> instead of relying on the calling function to give it an appropriately sized
> buffer. Security
On Thu, 1 Nov 2007, David P. Quigley wrote:
> This patch modifies the interface to inode_getsecurity to have the function
> return a buffer containing the security blob and its length via parameters
> instead of relying on the calling function to give it an appropriately sized
> buffer. Security b
On Thu, 1 Nov 2007, David P. Quigley wrote:
> Originally vfs_getxattr would pull the security xattr variable using
> the inode getxattr handle and then proceed to clobber it with a subsequent
> call
> to the LSM. This patch reorders the two operations such that when the xattr
> requested is in th
On Thu, Nov 01, 2007 at 08:47:01AM -0500, Serge E. Hallyn wrote:
> Egads. I knew I should've just kept that part out of it for the first
> patch...
>
> New patch on top of previous one is appended.
I assume you'll just collapse the two patches together before you
submit them? I've been distract
"Serge E. Hallyn" <[EMAIL PROTECTED]> writes:
> Quoting Olaf Dietsche ([EMAIL PROTECTED]):
>> This patch implements filesystem capabilities. It allows to
>> run privileged executables without the need for suid root.
>>
>> Changes:
>> - updated to 2.6.23
>> - fix const correctness
>> - fix securee
On Nov 1 2007 17:54, Ahmed S. Darwish wrote:
>+
>+static inline int isblank(char c)
>+{
>+ return (c == ' ' || c == '\t');
>+}
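Review bot: the isblank() helper in this hunk reuses the name of the C99 <ctype.h> function while matching only ' ' and '\t'. If it is replaced with isspace(), note that isspace() also accepts '\n' and other whitespace, so confirm the parser does not depend on newline being treated as a non-blank character before making the swap.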
Use isspace().
>+ for (i = 0; i < count && data[i]; i ++)
>...
>+ subjectstr[(*label_len) ++] = data[i];
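Review bot: the store to subjectstr[(*label_len) ++] is bounded in the visible loop only by count and the NUL test on data[i]; nothing shown here limits *label_len to the size of subjectstr. If the elided lines do not already enforce that limit, add it to the loop condition so an over-long label in the written data cannot run past the buffer.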
i++ w/o space
I agree. You are right.
Lin
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Greg KH
Sent: Thursday, November 01, 2007 10:52 AM
To: Tan, Lin
Cc: linux-security-module@vger.kernel.org
Subject: Re: Possible missing security checks in usbfs?
On Thu, Nov 01,
Hi Casey/Al/all,
A patch that utilizes Al Viro's concerns on previous smack parser
and solves previous parser bugs discovered by Ahmed Darwish. By now,
no problem will occur if given smack rules are fragmented over
multiple write() calls.
CC: Al Viro <[EMAIL PROTECTED]>
Signed-off-by: Ahmed S. Dar
On Thu, Nov 01, 2007 at 10:42:02AM -0500, Tan, Lin wrote:
> Thank you so much for the response. :)
>
> I think a malicious driver (in kernel space) can still call these
> functions to create a device node, which is dangerous. If this is not
> possible, then there is no security hole.
I don't see
Thank you so much for the response. :)
I think a malicious driver (in kernel space) can still call these functions to
create a device node, which is dangerous. If this is not possible, then there
is no security hole.
If that is possible, then the question is if LSM can help -- if the SELinux
Originally vfs_getxattr would pull the security xattr variable using
the inode getxattr handle and then proceed to clobber it with a subsequent call
to the LSM. This patch reorders the two operations such that when the xattr
requested is in the security namespace it first attempts to grab the value
This patch modifies the interface to inode_getsecurity to have the function
return a buffer containing the security blob and its length via parameters
instead of relying on the calling function to give it an appropriately sized
buffer. Security blobs obtained with this function should be freed usin
This patch series addresses two concerns. Currently when a developer
wishes to obtain a security blob from the LSM he/she has to guess at the
length of the blob being returned. We modify security_inode_getsecurity
to return an appropriately sized buffer populated with the security
information and t
Quoting Stephen Smalley ([EMAIL PROTECTED]):
> On Wed, 2007-10-31 at 18:49 -0500, Serge E. Hallyn wrote:
> > >From 5bff8967f45a35f858b96ca673d9bf98eac53d49 Mon Sep 17 00:00:00 2001
> > From: Serge E. Hallyn <[EMAIL PROTECTED]>
> > Date: Wed, 31 Oct 2007 11:22:04 -0500
> > Subject: [PATCH 1/1] file
On Wed, 2007-10-31 at 18:49 -0500, Serge E. Hallyn wrote:
> >From 5bff8967f45a35f858b96ca673d9bf98eac53d49 Mon Sep 17 00:00:00 2001
> From: Serge E. Hallyn <[EMAIL PROTECTED]>
> Date: Wed, 31 Oct 2007 11:22:04 -0500
> Subject: [PATCH 1/1] file capabilities: allow sigcont within session (v2)
>
> (T
Jan Engelhardt wrote:
On Nov 1 2007 12:51, Peter Dolding wrote:
This is above me doing code. No matter how many fixes I do to the
core that will not fix dysfunction in the LSM section. Strict
policies on fixing the main security model will be required.
If there is no one wanting to
18 matches