Missing security_file_permission() check from sys_splice()

2007-11-08 Thread Lin Tan
Seems that an unauthorized user can send file through sockets due to the following missing check errors. There is not security_file_permission() check from sys_splice(), which can invoke sock_sendpage(). The call chain is as follows. sys_splice -> do_splice -> do_splice_from -> generic_splice

Re: [PATCH] 64 bit capabilities

2007-11-08 Thread Andrew Morgan
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 KaiGai Kohei wrote: > Serge E. Hallyn wrote: >> Kaigai, Andrew, I believe you are maintaining competing versions >> of libcap, http://code.google.com/p/libcap/ and >> http://www.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.6/ >> >> -serge >

[PATCH 1/2] NetLabel: Introduce a new kernel configuration API for NetLabel - Version 11 (2.6.24-rc2) Smack: Simplified Mandatory Access Control Kernel

2007-11-08 Thread Casey Schaufler
From: Paul Moore <[EMAIL PROTECTED]> Add a new set of configuration functions to the NetLabel/LSM API so that LSMs can perform their own configuration of the NetLabel subsystem without relying on assistance from userspace. Signed-off-by: Paul Moore <[EMAIL PROTECTED]> --- include/net/netlabel.h

[PATCH 0/2] Version 11 (2.6.24-rc2) Smack: Simplified Mandatory Access Control Kernel

2007-11-08 Thread Casey Schaufler
This is version 11 of the Simplified Mandatory Access Control Kernel. The whole thing as available on the Smack home page at http://schaufler-ca.com The attachments to this message are not kernel code. They are early versions of the smackload and smackcipso programs, and are included in the

Re: [PATCH] 64 bit capabilities

2007-11-08 Thread KaiGai Kohei
Serge E. Hallyn wrote: Kaigai, Andrew, I believe you are maintaining competing versions of libcap, http://code.google.com/p/libcap/ and http://www.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.6/ -serge Please tell me the repository path of Andrew Morgan's libcap. I'll post the patc

AppArmor Security Goal

2007-11-08 Thread Crispin Cowan
re-sent due to a typo in addressing. AppArmor Security Goal Crispin Cowan, PhD MercenaryLinux.com This document is intended to specify the security goal that AppArmor is intended to achieve, so that users can evaluate whether AppArmor will meet their needs, and kernel developers can evaluate whet

AppArmor Security Goal

2007-11-08 Thread Crispin Cowan
AppArmor Security Goal Crispin Cowan, PhD MercenaryLinux.com This document is intended to specify the security goal that AppArmor is intended to achieve, so that users can evaluate whether AppArmor will meet their needs, and kernel developers can evaluate whether AppArmor is living up to its claim

Re: Problem with accessing namespace_sem from LSM.

2007-11-08 Thread Crispin Cowan
Christoph Hellwig wrote: > On Thu, Nov 08, 2007 at 07:04:23AM +0900, Tetsuo Handa wrote: >> The reason why I want to access namespace_sem inside security_inode_create() >> is that >> it doesn't receive "struct vfsmount" parameter. >> If "struct vfsmount" *were* passed to security_inode_create(),

Re: [PATCH] 64 bit capabilities

2007-11-08 Thread Serge E. Hallyn
Kaigai, Andrew, I believe you are maintaining competing versions of libcap, http://code.google.com/p/libcap/ and http://www.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.6/ -serge Quoting Andrew Morgan ([EMAIL PROTECTED]): > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Andrew, S