Re: [RFC PATCH 1/4] lsm: separate security_task_getsecid() into subjective and objective variants

On Fri, 19 Feb 2021, Paul Moore wrote: > diff --git a/drivers/android/binder.c b/drivers/android/binder.c > index c119736ca56ac..39d501261108d 100644 > --- a/drivers/android/binder.c > +++ b/drivers/android/binder.c > @@ -2700,7 +2700,7 @@ static void binder_transaction(struct binder_proc *proc,

Re: security_task_getsecid() and subjective vs objective task creds

On Thu, 18 Feb 2021, Paul Moore wrote: > Hi all, > > When looking into a problem I noticed that audit was recording the > wrong subject label for a process. Is this a public bug? It would be good to know what the extent of this issue may be and whether it warrants a CVE. -- James Morris --

Re: [RFC PATCH 0/4] Split security_task_getsecid() into subj and obj variants

On 2/19/2021 3:28 PM, Paul Moore wrote: > As discussed briefly on the list (lore link below), we are a little > sloppy when it comes to using task credentials, mixing both the > subjective and object credentials. This patch set attempts to fix > this by replacing security_task_getsecid() with two

[RFC PATCH 3/4] smack: differentiate between subjective and objective task credentials

With the split of the security_task_getsecid() into subjective and objective variants it's time to update Smack to ensure it is using the correct task creds. Signed-off-by: Paul Moore --- security/smack/smack.h | 18 +- security/smack/smack_lsm.c | 40

[RFC PATCH 4/4] apparmor: differentiate between subjective and objective task credentials

With the split of the security_task_getsecid() into subjective and objective variants it's time to update AppArmor to ensure it is using the correct task creds. Signed-off-by: Paul Moore --- security/apparmor/domain.c |2 +- security/apparmor/include/cred.h | 19 ---

[RFC PATCH 2/4] selinux: clarify task subjective and objective credentials

SELinux has a function, task_sid(), which returns the task's objective credentials, but unfortunately is used in a few places where the subjective task credentials should be used. Most notably in the new security_task_getsecid_subj() LSM hook. This patch fixes this and attempts to make things

[RFC PATCH 0/4] Split security_task_getsecid() into subj and obj variants

As discussed briefly on the list (lore link below), we are a little sloppy when it comes to using task credentials, mixing both the subjective and object credentials. This patch set attempts to fix this by replacing security_task_getsecid() with two new hooks that return either the subjective

[RFC PATCH 1/4] lsm: separate security_task_getsecid() into subjective and objective variants

Of the three LSMs that implement the security_task_getsecid() LSM hook, all three LSMs provide the task's objective security credentials. This turns out to be unfortunate as most of the hook's callers seem to expect the task's subjective credentials, although a small handful of callers do

Re: [PATCH ghak124 v3] audit: log nftables configuration change events

On 2021-02-19 01:26, Richard Guy Briggs wrote: > On 2021-02-18 23:42, Florian Westphal wrote: > > Richard Guy Briggs wrote: > > > > If they appear in a batch tehy will be ignored, if the batch consists of > > > > such non-modifying ops only then nf_tables_commit() returns early > > > > because

Re: security_task_getsecid() and subjective vs objective task creds

On Thu, Feb 18, 2021 at 4:40 PM Casey Schaufler wrote: > On 2/18/2021 11:34 AM, Paul Moore wrote: ... > > How do we want to fix this? The obvious fix is to change the SELinux, > > AppArmor, and Smack security_task_getsecid() implementations to return > > the subjective security ID (->cred),