Patches accepted.  Looks like something in constraints is broken.

-------- Original Message --------
Subject: [Bug 218500] New: LSPP: tkill and tgkill are allowed to kill lower level processes
Date:   Tue, 5 Dec 2006 14:26:53 -0500
From:   [EMAIL PROTECTED]
To:     [EMAIL PROTECTED]




https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=218500

          Summary: LSPP: tkill and tgkill are allowed to kill lower level
                   processes
          Product: Red Hat Enterprise Linux Public Beta
          Version: rhel5-beta2
         Platform: All
       OS/Version: Linux
           Status: NEW
         Severity: normal
         Priority: normal
        Component: selinux-policy-strict
       AssignedTo: [EMAIL PROTECTED]
       ReportedBy: [EMAIL PROTECTED]
               CC: [EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED]
  Estimated Hours: 0.0


Description of problem:
The tkill and tgkill operations allow killing a process that is of lower level
than the subject.  This is against the BLP model.

Version-Release number of selected component (if applicable):
selinux-policy-mls-2.4.3-8.el5

How reproducible:
Trivial

Steps to Reproduce:
1. Create a simple infinite loop script in a file called test.sh:
       #!/bin/sh
       while true; do a=1; done
2. chmod +x test.sh
3. chcon -l s0 test.sh
4. newrole -l s1
5. build and execute supplied testcase which execs test.sh and then attempts to
kill it with tkill.  To test tgkill change the comment in the test from the
tgkill line to the tkill line.

Actual results:
Able to kill the process

Expected results:
Shouldn't be able to kill the process.

Additional info:

------- Additional Comments From [EMAIL PROTECTED]  2006-12-05 14:26 EST -------
Created an attachment (id=142880)
--> (https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=142880&action=view)
Testcase



--
redhat-lspp mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/redhat-lspp
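The testcase in step 5 is an attachment and is not reproduced in this message. The C program below is an added example, not the bug's attachment: it execs the script from step 1 and reports whether tkill or tgkill was refused. The helper names thread_kill and try_kill_child and the optional "tgkill" argument are assumptions of this example; run it from the shell opened in step 4.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Signal a single-threaded process (tid == tgid == pid) through the raw
 * syscalls, since glibc exports no tkill() wrapper. Returns 0 or -errno. */
static int thread_kill(int use_tgkill, pid_t pid, int sig)
{
    long rc = use_tgkill ? syscall(SYS_tgkill, pid, pid, sig)
                         : syscall(SYS_tkill, pid, sig);
    return rc == 0 ? 0 : -errno;
}

/* Fork, exec argv in the child, then try to SIGKILL it. Returns 0 if the
 * child was killed, -errno if the signal was refused, 1 on setup failure. */
static int try_kill_child(char *const argv[], int use_tgkill)
{
    int status = 0;
    pid_t pid = fork();
    if (pid < 0)
        return 1;
    if (pid == 0) {
        execv(argv[0], argv);
        _exit(127);                 /* exec failed */
    }
    sleep(1);                       /* give the child time to exec */
    int rc = thread_kill(use_tgkill, pid, SIGKILL);
    if (rc != 0)
        return rc;                  /* denied: the child is left running */
    if (waitpid(pid, &status, 0) != pid || !WIFSIGNALED(status))
        return 1;
    return 0;
}

int main(int argc, char **argv)
{
    char *const child[] = { "./test.sh", NULL };  /* script from step 1 */
    int rc = try_kill_child(child, argc > 1 && !strcmp(argv[1], "tgkill"));
    if (rc < 0)
        printf("signal denied: %s\n", strerror(-rc));
    else
        printf("%s\n", rc ? "setup failed" : "child killed (reported bug)");
    return rc >= 0;                 /* exit 0 only when the signal was denied */
}
```

Run with no argument to exercise tkill, or with the argument tgkill for the other syscall. When the signal is denied, the looping child keeps running and has to be cleaned up from a context that is allowed to signal it.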
