Re: [PATCH 1/1] libselinux, libsemanage: Replace PYSITEDIR with PYTHONLIBDIR

2018-03-09 Thread Petr Lautrbach
On Fri, Mar 09, 2018 at 03:39:13PM +0100, Petr Lautrbach wrote: > On Fri, Mar 09, 2018 at 08:55:11AM -0500, Stephen Smalley wrote: > > On 03/09/2018 07:25 AM, Petr Lautrbach wrote: > > > On Thu, Mar 08, 2018 at 10:19:26PM +0100, Nicolas Iooss wrote: > > >> On Thu, Mar 8, 2018 at 8:34 PM, Stephen

Re: [PATCH 0/8] LSM: Security module stacking

2018-03-09 Thread Casey Schaufler
On 3/9/2018 3:29 AM, Tetsuo Handa wrote: > Casey Schaufler wrote: >> 1/8: Add the smack subdirectory to /proc/.../attr >> 2/8: Move management of cred security blobs to the LSM infrastructure >> 3/8: Move management of file security blobs to the LSM infrastructure >> 4/8: Move management of task

Re: [PATCH] libsemanage: replace access() checks to make setuid programs work

2018-03-09 Thread Stephen Smalley
On 03/09/2018 10:39 AM, Vit Mojzis wrote: > access() uses real UID instead of effective UID which causes false > negative checks in setuid programs. > Replace access() calls (mostly tests for file existence) by stat(). > > Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1186431 Thanks, I've

[PATCH] libsemanage: replace access() checks to make setuid programs work

2018-03-09 Thread Vit Mojzis
access() uses real UID instead of effective UID which causes false negative checks in setuid programs. Replace access() calls (mostly tests for file existence) by stat(). Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1186431 Signed-off-by: Vit Mojzis ---

Re: [PATCH] libsemanage: replace access() checks to make setuid programs work

2018-03-09 Thread Stephen Smalley
On 03/09/2018 10:21 AM, Vit Mojzis wrote: > access() uses real UID instead of effective UID which causes false > negative checks in setuid programs. > Replace access() calls (mostly tests for file existence) by stat(). > > Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1186431 > >

[PATCH] libsemanage: replace access() checks to make setuid programs work

2018-03-09 Thread Vit Mojzis
access() uses real UID instead of effective UID which causes false negative checks in setuid programs. Replace access() calls (mostly tests for file existence) by stat(). Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1186431 Signed-off-by: Vit Mojzis ---

Re: [PATCH 1/1] libselinux, libsemanage: Replace PYSITEDIR with PYTHONLIBDIR

2018-03-09 Thread Petr Lautrbach
On Fri, Mar 09, 2018 at 08:55:11AM -0500, Stephen Smalley wrote: > On 03/09/2018 07:25 AM, Petr Lautrbach wrote: > > On Thu, Mar 08, 2018 at 10:19:26PM +0100, Nicolas Iooss wrote: > >> On Thu, Mar 8, 2018 at 8:34 PM, Stephen Smalley wrote: > >>> On 03/06/2018 04:19 PM, Stephen

Re: [PATCH 1/1] libselinux, libsemanage: Replace PYSITEDIR with PYTHONLIBDIR

2018-03-09 Thread Stephen Smalley
On 03/09/2018 07:25 AM, Petr Lautrbach wrote: > On Thu, Mar 08, 2018 at 10:19:26PM +0100, Nicolas Iooss wrote: >> On Thu, Mar 8, 2018 at 8:34 PM, Stephen Smalley wrote: >>> On 03/06/2018 04:19 PM, Stephen Smalley wrote: On 03/05/2018 05:16 PM, Nicolas Iooss wrote: >

Re: [PATCH 3/3] libsemanage: replace access() checks to make setuid programs work

2018-03-09 Thread Stephen Smalley
On 03/09/2018 08:28 AM, Stephen Smalley wrote: > On 03/09/2018 08:14 AM, Vit Mojzis wrote: >> >> >> On 7.3.2018 15:59, Stephen Smalley wrote: >>> On 03/06/2018 06:58 AM, Vit Mojzis wrote: access() uses real UID instead of effective UID which causes false negative checks in setuid

Re: [PATCH 3/3] libsemanage: replace access() checks to make setuid programs work

2018-03-09 Thread Stephen Smalley
On 03/09/2018 08:14 AM, Vit Mojzis wrote: > > > On 7.3.2018 15:59, Stephen Smalley wrote: >> On 03/06/2018 06:58 AM, Vit Mojzis wrote: >>> access() uses real UID instead of effective UID which causes false >>> negative checks in setuid programs. >>> Replace access(,F_OK) (i.e. tests for file

Re: [PATCH 3/3] libsemanage: replace access() checks to make setuid programs work

2018-03-09 Thread Vit Mojzis
On 7.3.2018 15:59, Stephen Smalley wrote: On 03/06/2018 06:58 AM, Vit Mojzis wrote: access() uses real UID instead of effective UID which causes false negative checks in setuid programs. Replace access(,F_OK) (i.e. tests for file existence) by stat(). And access(,R_OK) by fopen(,"r") Fixes:

Re: [PATCH 0/8] LSM: Security module stacking

2018-03-09 Thread Tetsuo Handa
Casey Schaufler wrote: > 1/8: Add the smack subdirectory to /proc/.../attr > 2/8: Move management of cred security blobs to the LSM infrastructure > 3/8: Move management of file security blobs to the LSM infrastructure > 4/8: Move management of task security blobs to the LSM infrastructure > 5/8:

Re: [PATCH 1/1] libselinux, libsemanage: Replace PYSITEDIR with PYTHONLIBDIR

2018-03-09 Thread Petr Lautrbach
On Thu, Mar 08, 2018 at 10:19:26PM +0100, Nicolas Iooss wrote: > On Thu, Mar 8, 2018 at 8:34 PM, Stephen Smalley wrote: > > On 03/06/2018 04:19 PM, Stephen Smalley wrote: > >> On 03/05/2018 05:16 PM, Nicolas Iooss wrote: > >>> libselinux and libsemanage Makefiles invoke