On Wednesday, May 27, 2015 at 19:55 -0700, enh wrote:
>
>
> On Tue, May 19, 2015 at 9:31 PM, Rob Landley <[email protected]> wrote:
> Looking at the smack-10 tree ala:
>
> commit cbc95a1a00ae0a1a806e7cc241cdf7b821ee4951
> Author: José Bollo <[email protected]>
> Date: Mon May 11 18:53:12 2015 +0200
>
> mkdir: Add -Z option
>
> Specifically this bit:
>
> - for (s=toys.optargs; *s; s++) > + for (s=toys.optargs; *s; s++) { > if (mkpathat(AT_FDCWD, *s, mode, toys.optflags|1)) > perror_msg("'%s'", *s); > + else if (CFG_MKDIR_SECURITY && (toys.optflags & > FLAG_Z)) { > + if (security_set_context(*s, TT.arg_context) < 0) { > + rmdir(*s); > + error_exit("Unable to create directory '%s' with '% > s' as > context.", *s, > + } > + } > + }
>
> Isn't this racy? You create the directory without a label, then come along
> at some arbitrary point later and add one? Shouldn't we at least mkpathat()
> with mode 000, add the label, and then chmod()?
>
>
> i don't know if this is the least worst job you can do with SMACK, but
> this isn't how you'd do it with SELinux. you'd call setfscreatecon
> before the mkdir, so there would be no race. call it again with NULL
> afterwards to go back to the default.
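Review bot: in the `else if` branch the label is applied by security_set_context() only after mkpathat() has already created the directory with its final `mode`, so the directory is reachable without the requested context between the two calls. Create it with a restrictive mode, label it, then chmod() to `mode`, or set the creation context before the mkpathat() call. Separately, a labeling failure calls error_exit() and abandons the remaining arguments, while a mkpathat() failure only calls perror_msg() and continues; handling both the same way would keep one bad argument from stopping the loop, and the rmdir() result should be checked.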
Hi,

There is also a possibility with smack to set the context of the process before creating the directory. This implies that the created directory will get the context of its creating process.

But I didn't focus on this because of the 2 following reasons:

1. Inside smack, there is an exception to that model. The exception is called the transmutation: under some condition, the label set to the created object is the label of the directory, not the label of the process.

2. When using toybox as a library (I'm not sure if it is possible but... in case of doubt...), changing the process state might be hazardous.

Best regards
José

_______________________________________________
Toybox mailing list
[email protected]
http://lists.landley.net/listinfo.cgi/toybox-landley.net
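The ordering suggested in the quoted message (create with mode 000, add the label, then chmod()), as an added C example that is not part of the thread or of toybox. `mkdir_labeled`, `label_fn` and the two stand-in labelers are hypothetical names; a real caller would pass a wrapper around its labeling call, such as the patch's security_set_context().

```c
#include <errno.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical hook: applies a security label to path, returns 0 on success. */
typedef int (*label_fn)(const char *path, const char *label);

/* Create path so it is never usable before it is labeled: mkdir with mode 000,
 * label it, and only then chmod to the requested mode. chmod() ignores the
 * umask, so the caller passes the final permission bits. No process-wide
 * state (such as a creation context) is changed. */
int mkdir_labeled(const char *path, mode_t mode, const char *label, label_fn set_label)
{
  if (mkdir(path, 0) < 0) return -1;   /* EEXIST: never touch a directory we did not create */
  if (set_label(path, label) < 0 || chmod(path, mode) < 0) {
    int saved = errno;
    rmdir(path);                       /* we created it, so undo it */
    errno = saved;
    return -1;
  }
  return 0;
}

/* Constructed stand-ins for a real labeling call, for demonstration only. */
static mode_t seen_mode = 0777;
int record_label(const char *path, const char *label)
{
  struct stat st;
  (void)label;
  if (stat(path, &st) < 0) return -1;
  seen_mode = st.st_mode & 0777;       /* permissions visible at labeling time */
  return 0;
}
int failing_label(const char *path, const char *label)
{ (void)path; (void)label; errno = EPERM; return -1; }

/* Permission bits of path, or -1 if it does not exist. */
int dir_mode(const char *path)
{
  struct stat st;
  return stat(path, &st) < 0 ? -1 : (int)(st.st_mode & 0777);
}

int main(void)
{
  const char *p = "/tmp/mkdir_labeled_demo";   /* constructed sample path */
  int rc = mkdir_labeled(p, 0755, "constructed-label", record_label);
  printf("rc=%d mode at label time=%03o final=%03o\n", rc, (unsigned)seen_mode, (unsigned)dir_mode(p));
  return rmdir(p) < 0;
}
```
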
