SELinux Mailing List - NSA/CSS

Skip All Menus Skip Top Menu

Top Navigation Menus

Skip Research Menus

Research Menu

Research Security Enhanced Linux What's New Frequently Asked Questions Background Documents License Download Participating Mail List Archives Remaining Work Contributors Related Work Press Releases Information Assurance Research NIARL In-house Research Areas Mathematical Sciences Program Sabbaticals Computer & Information Sciences Research Technology Transfer Advanced Computing Advanced Mathematics Communications & Networking Information Processing Microelectronics Other Technologies Technology Fact Sheets Publications Related Links	Skip Search Box Searchbox SELinux Mailing List Re: Signal problem This message: [ Message body ] [ More options ] Related messages: [ Next message ] [ Previous message ] [ In reply to ] [ Next in thread ] [ Replies ] From: Stephen Smalley <sds_at_tycho.nsa.gov> Date: Tue, 26 Apr 2005 15:51:46 -0400 On Tue, 2005-04-26 at 12:23 -0700, Steve G wrote: > Hello, > > I ran across a problem while working on the audit code that has SE Linux > implications. The function security_task_kill does not hook all paths for signal > entry/delivery. Just to make sure you know the piece of code I'm talking > about: > > http://lxr.linux.no/source/kernel/signal.c#L630 > > Some background -- we have a CAPP requirement to identify the sender of the > TERM signal to the audit daemon. We placed a hook inside check_kill_permission(). > It was called on a PPC, but my i686 kernel never sees it. I think there is some > arch specific code that changes how signals are delivered on ix86. > > My test was simply /etc/rc.d/init.d/auditd stop > and then look for a message stating the shutdown signal was received. > > Using strace, the usual entry method was syscall 37 (kill). After that who knows > what the code path is? I'm moving the audit hook to a whole new place > to solve our problem. But I thought you might want to know about this since > security_task_kill appears to be not hooking signals on all platforms. Hmmmm...how certain are you? Basic testing of signal controls and auditing (via SELinux) seems to be working as expected here on x86. -- Stephen Smalley <sds@tycho.nsa.gov> National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. Received on Tue 26 Apr 2005 - 16:00:38 EDT This message: [ Message body ] Next message: Stephen Smalley: "Re: Signal problem" Previous message: Steve G: "Signal problem" In reply to: Steve G: "Signal problem" Next in thread: Chris Wright: "Re: Signal problem" Reply: Chris Wright: "Re: Signal problem" Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]
	Date Posted: Jan 15, 2009 \| Last Modified: Jan 15, 2009 \| Last Reviewed: Jan 15, 2009

bottom