-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Serge E. Hallyn wrote:
Quoting Andrew Morgan ([EMAIL PROTECTED]):
Serge,
Here is a more fully formed 64-bit capabilities patch than the one I
sent you last week. It's still subject to a bunch of testing.
[The patch is against Linus'
On Nov 1 2007 12:51, Peter Dolding wrote:
This is above me doing code. No matter how many fixes I do to the
core that will not fix dysfunction in the LSM section. Strict
policies on fixing the main security model will be required.
If there is no one wanting to fix the existing code, then the
Jan Engelhardt wrote:
On Nov 1 2007 12:51, Peter Dolding wrote:
This is above me doing code. No matter how many fixes I do to the
core that will not fix dysfunction in the LSM section. Strict
policies on fixing the main security model will be required.
If there is no one wanting to
On Wed, 2007-10-31 at 18:49 -0500, Serge E. Hallyn wrote:
From 5bff8967f45a35f858b96ca673d9bf98eac53d49 Mon Sep 17 00:00:00 2001
From: Serge E. Hallyn [EMAIL PROTECTED]
Date: Wed, 31 Oct 2007 11:22:04 -0500
Subject: [PATCH 1/1] file capabilities: allow sigcont within session (v2)
(This is a
Quoting Stephen Smalley ([EMAIL PROTECTED]):
On Wed, 2007-10-31 at 18:49 -0500, Serge E. Hallyn wrote:
From 5bff8967f45a35f858b96ca673d9bf98eac53d49 Mon Sep 17 00:00:00 2001
From: Serge E. Hallyn [EMAIL PROTECTED]
Date: Wed, 31 Oct 2007 11:22:04 -0500
Subject: [PATCH 1/1] file
This patch series addresses two concerns. Currently when a developer
wishes to obtain a security blob from the LSM he/she has to guess at the
length of the blob being returned. We modify security_inode_getsecurity
to return an appropriately sized buffer populated with the security
information and
Originally vfs_getxattr would pull the security xattr variable using
the inode getxattr handle and then proceed to clobber it with a subsequent call
to the LSM. This patch reorders the two operations such that when the xattr
requested is in the security namespace it first attempts to grab the
Thank you so much for the response. :)
I think a malicious driver (in kernel space) can still call these functions to
create a device node, which is dangerous. If this is not possible, then there
is no security hole.
If that is possible, then the question is if LSM can help -- if the SELinux
Hi Casey/Al/all,
A patch that utilizes Al Viro's concerns on previous smack parser
and solves previous parser bugs discovered by Ahmed Darwish. By now,
no problem will occur if given smack rules are fragmented over
multiple write() calls.
CC: Al Viro [EMAIL PROTECTED]
Signed-off-by: Ahmed S.
I agree. You are right.
Lin
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Greg KH
Sent: Thursday, November 01, 2007 10:52 AM
To: Tan, Lin
Cc: linux-security-module@vger.kernel.org
Subject: Re: Possible missing security checks in usbfs?
On Thu, Nov 01,
On Nov 1 2007 17:54, Ahmed S. Darwish wrote:
+
+static inline int isblank(char c)
+{
+ return (c == ' ' || c == '\t');
+}
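Review bot: isblank() accepts only ' ' and '\t' and carries no comment saying why. isspace() would also match '\n' and other whitespace, so a short comment stating which characters are meant to separate fields would settle which of the two the parser needs.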
Use isspace().
+ for (i = 0; i count data[i]; i ++)
...
+ subjectstr[(*label_len) ++] = data[i];
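Review bot: the store subjectstr[(*label_len) ++] = data[i] has no visible limit on *label_len in the lines quoted here, since the loop condition only involves i, count and data[i]. If the elided lines do not already check it, compare *label_len against the size of the subjectstr buffer before the write and reject the rule when the label is too long.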
i++ w/o space
-
To unsubscribe from this
Serge E. Hallyn [EMAIL PROTECTED] writes:
Quoting Olaf Dietsche ([EMAIL PROTECTED]):
This patch implements filesystem capabilities. It allows to
run privileged executables without the need for suid root.
Changes:
- updated to 2.6.23
- fix const correctness
- fix secureexec
[...]
given
On Thu, 1 Nov 2007, David P. Quigley wrote:
This patch modifies the interface to inode_getsecurity to have the function
return a buffer containing the security blob and its length via parameters
instead of relying on the calling function to give it an appropriately sized
buffer. Security
Quoting David P. Quigley ([EMAIL PROTECTED]):
This patch modifies the interface to inode_getsecurity to have the function
return a buffer containing the security blob and its length via parameters
instead of relying on the calling function to give it an appropriately sized
buffer. Security
Quoting David P. Quigley ([EMAIL PROTECTED]):
Originally vfs_getxattr would pull the security xattr variable using
the inode getxattr handle and then proceed to clobber it with a subsequent call
to the LSM. This patch reorders the two operations such that when the xattr
requested is in the
On Thu, Nov 01, 2007 at 08:47:01AM -0500, Serge E. Hallyn wrote:
From 5bff8967f45a35f858b96ca673d9bf98eac53d49 Mon Sep 17 00:00:00 2001
From: Serge E. Hallyn [EMAIL PROTECTED]
Date: Wed, 31 Oct 2007 11:22:04 -0500
Subject: [PATCH 1/1] file capabilities: allow sigcont within session
16 matches