Security Enhanced Linux
What's New
Frequently Asked Questions
Background
Documents
License
Download
Participating
Mail List
Archives
Remaining Work
Contributors
Related Work
Press Releases
Information Assurance Research
NIARL In-house Research Areas
Mathematical Sciences Program
Sabbaticals
Computer & Information Sciences Research
Technology Transfer
Advanced Computing
Advanced Mathematics
Communications & Networking
Information Processing
Microelectronics
Other Technologies
Technology Fact Sheets
Publications
Related Links
|
SELinux Mailing ListRe: dynamic context transitions
From: Stephen Smalley <sds_at_epoch.ncsc.mil>
Date: Fri, 19 Nov 2004 12:17:24 -0500
Unless you have an actual usage scenario for this functionality, I'd suggest a simple prohibition of any change in context even by the thread group leader if there are any child threads. That would still allow a process to change its context prior to spawning any threads, e.g. to shed privileges during startup. Changing the security attributes of other threads without their explicit awareness/consent is undesirable; note that SELinux currently prevents setprocattr on another task. While this prohibition may be appropriate for your usage, I'd also like to check whether it is going to be a problem for use by other applications, e.g. multi-threaded file servers. They may presently take advantage of the per-thread fsuid attribute; will they need similar support for SELinux contexts? -- Stephen Smalley <sds@epoch.ncsc.mil> National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.Received on Fri 19 Nov 2004 - 12:21:40 EST |
|
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009 |