SELinux Mailing List

Signal problem

From: Steve G <linux_4ever_at_yahoo.com>
Date: Tue, 26 Apr 2005 12:23:27 -0700 (PDT)


Hello,

I ran across a problem while working on the audit code that has SE Linux implications. The function security_task_kill does not hook all paths for signal entry/delivery. Just to make sure you know the piece of code I'm talking about:

http://lxr.linux.no/source/kernel/signal.c#L630

Some background -- we have a CAPP requirement to identify the sender of the TERM signal to the audit daemon. We placed a hook inside check_kill_permission(). It was called on a PPC, but my i686 kernel never sees it. I think there is some arch-specific code that changes how signals are delivered on ix86.

My test was simply /etc/rc.d/init.d/auditd stop and then look for a message stating the shutdown signal was received.

Using strace, the usual entry method was syscall 37 (kill). After that who knows what the code path is? I'm moving the audit hook to a whole new place to solve our problem. But I thought you might want to know about this since security_task_kill appears to be not hooking signals on all platforms.

-Steve Grubb



Received on Tue 26 Apr 2005 - 15:23:32 EDT
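Added example, not part of the original message or of the kernel audit code it discusses: a userspace C program showing the requirement mentioned above, a process learning which PID and UID sent it SIGTERM. It reads the `siginfo_t` delivered to an `SA_SIGINFO` handler, which is a different mechanism from the in-kernel hook; `term_sender` and `capture_term_sender` are hypothetical names, and the child sender is a constructed scenario.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

struct term_sender { pid_t pid; uid_t uid; int from_user; };
static volatile sig_atomic_t got_term;
static siginfo_t last_info;
/* Handler: copy the kernel-supplied siginfo and set a flag, nothing else. */
static void on_term(int sig, siginfo_t *info, void *ctx)
{
    (void)sig; (void)ctx;
    last_info = *info;
    got_term = 1;
}

/* Constructed scenario: a forked child sends SIGTERM to this process. */
int capture_term_sender(struct term_sender *out, pid_t *child)
{
    struct sigaction sa = {0}, old_sa;
    sigset_t block, old, none;
    sa.sa_sigaction = on_term;
    sa.sa_flags = SA_SIGINFO;            /* ask for siginfo_t delivery */
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGTERM, &sa, &old_sa) < 0) return -1;
    sigemptyset(&none);
    sigemptyset(&block);                 /* block TERM until sigsuspend() */
    sigaddset(&block, SIGTERM);
    if (sigprocmask(SIG_BLOCK, &block, &old) < 0) return -1;
    got_term = 0;
    if ((*child = fork()) < 0) return -1;
    if (*child == 0) { kill(getppid(), SIGTERM); _exit(0); }
    while (!got_term) sigsuspend(&none); /* handler runs during the wait */
    waitpid(*child, NULL, 0);
    sigprocmask(SIG_SETMASK, &old, NULL);
    sigaction(SIGTERM, &old_sa, NULL);
    out->pid = last_info.si_pid;         /* sender as reported by the kernel */
    out->uid = last_info.si_uid;
    out->from_user = (last_info.si_code == SI_USER); /* sent with kill(2) */
    return 0;
}

int main(void)
{
    struct term_sender s; pid_t child;
    if (capture_term_sender(&s, &child) < 0) return 1;
    printf("SIGTERM from pid=%ld uid=%ld\n", (long)s.pid, (long)s.uid);
    return s.pid == child ? 0 : 1;
}
```

The reported PID is only meaningful while the sender still exists, so a daemon that needs an audit trail should log it immediately rather than resolve it later.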


Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009


National Security Agency / Central Security Service