On Wed, 2006-12-06 at 12:31 -0500, Daniel J Walsh wrote:
> Patches accepted.  Looks like something in constraints is broken.

Looks like a bug in the test to me, not the policy.
Added a comment to the bugzilla entry.

> 
> -------- Original Message --------
> Subject:      [Bug 218500] New: LSPP: tkill and tgkill are allowed to kill lower level processes
> Date:         Tue, 5 Dec 2006 14:26:53 -0500
> From:         [EMAIL PROTECTED]
> To:   [EMAIL PROTECTED]
> 
> 
> 
> Please do not reply directly to this email. All additional
> comments should be made in the comments box of this bug report.
> 
> 
> 
> 
> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=218500
> 
>            Summary: LSPP: tkill and tgkill are allowed to kill lower level
>                     processes
>            Product: Red Hat Enterprise Linux Public Beta
>            Version: rhel5-beta2
>           Platform: All
>         OS/Version: Linux
>             Status: NEW
>           Severity: normal
>           Priority: normal
>          Component: selinux-policy-strict
>         AssignedTo: [EMAIL PROTECTED]
>         ReportedBy: [EMAIL PROTECTED]
>                 CC: [EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED]
>    Estimated Hours: 0.0
> 
> 
> Description of problem:
> The tkill and tgkill operations allow killing a process that is of lower level
> than the subject.  This is against the BLP model.
> 
> Version-Release number of selected component (if applicable):
> selinux-policy-mls-2.4.3-8.el5
> 
> How reproducible:
> Trivial
> 
> Steps to Reproduce:
> 1. Create a simple infinite loop script in file called test.sh:
>      #!/bin/sh
>      while true; do a=1; done
> 2. chmod +x test.sh
> 3. chcon -l s0 test.sh
> 4. newrole -l s1
> 5. build and execute supplied testcase which execs test.sh and then attempts to
> kill it with tkill.  To test tgkill change the comment in the test from the
> tgkill line to the tkill line.
>   
> Actual results:
> Able to kill the process
> 
> Expected results:
> Shouldn't be able to kill the process.
> 
> Additional info:
> 
> ------- Additional Comments From [EMAIL PROTECTED]  2006-12-05 14:26 EST -------
> Created an attachment (id=142880)
>  --> (https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=142880&action=view)
> Testcase
> 
> 
-- 
Stephen Smalley
National Security Agency
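
A check to run alongside the reproduction steps quoted above, as an added example that is neither the testcase attached to the bug nor code from anyone in this thread: it records the security context of the subject and of the exec'd target (read from /proc/<pid>/attr/current) next to the tkill/tgkill result, so a report shows the levels both processes actually ran at. The names `read_context` and `try_signal` are hypothetical; `./test.sh` is the script from step 1 of the report.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Copy pid's security context into buf, or "(unavailable)" if none is exposed. */
static void read_context(pid_t pid, char *buf, size_t len)
{
    char path[64];
    snprintf(path, sizeof(path), "/proc/%d/attr/current", (int)pid);
    FILE *f = fopen(path, "r");
    if (!f || !fgets(buf, (int)len, f)) snprintf(buf, len, "(unavailable)");
    if (f) fclose(f);
    buf[strcspn(buf, "\n")] = '\0';          /* some LSMs append a newline */
}

/* Added example, not the bug's attached testcase: exec argv, record subject (ctx[0]) and
 * target (ctx[1]) contexts, send sig. Returns 0 if permitted, errno if refused, -1 on error. */
static int try_signal(int use_tgkill, int sig, char *const argv[], char ctx[2][256])
{
    int p[2]; char c; pid_t pid;
    if (pipe2(p, O_CLOEXEC) < 0 || (pid = fork()) < 0) return -1;
    if (pid == 0) {                          /* child: a failed exec writes one byte */
        execvp(argv[0], argv);
        _exit(write(p[1], "x", 1) == 1 ? 127 : 126);
    }
    close(p[1]);
    ssize_t got = read(p[0], &c, 1);         /* EOF (0): exec closed the write end */
    close(p[0]);
    read_context(getpid(), ctx[0], 256);
    read_context(pid, ctx[1], 256);
    long rc = use_tgkill ? syscall(SYS_tgkill, pid, pid, sig) : syscall(SYS_tkill, pid, sig);
    int result = got > 0 ? -1 : (rc == 0 ? 0 : errno);
    if (kill(pid, SIGKILL) == 0) waitpid(pid, NULL, 0);   /* reap if cleanup was allowed */
    return result;
}

int main(void)
{
    char *const argv[] = { "./test.sh", NULL };   /* script from step 1 of the report */
    char ctx[2][256];
    int r = try_signal(0, SIGKILL, argv, ctx);    /* pass 1 to exercise tgkill instead */
    printf("subject=%s target=%s tkill=%s\n", ctx[0], ctx[1],
           r == 0 ? "permitted" : r > 0 ? strerror(r) : "setup failed");
}
```

Run it from the shell started by `newrole -l s1` and compare the level field of the two printed contexts with the tkill result.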

--
redhat-lspp mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/redhat-lspp
