[Toybox] Adding LSM support to mkdir.

José Bollo jobol at nonadev.net
Wed May 27 23:55:09 PDT 2015


On Wednesday, May 27, 2015 at 19:55 -0700, enh wrote:
> 
> 
> On Tue, May 19, 2015 at 9:31 PM, Rob Landley <rob at landley.net> wrote:
>         Looking at the smack-10 tree ala:
>         
>           commit cbc95a1a00ae0a1a806e7cc241cdf7b821ee4951
>           Author: José Bollo <jose.bollo at open.eurogiciel.org>
>           Date:   Mon May 11 18:53:12 2015 +0200
>         
>               mkdir: Add -Z option
>         
>         Specifically this bit:
>         
>           -  for (s=toys.optargs; *s; s++)
>           +  for (s=toys.optargs; *s; s++) {
>                if (mkpathat(AT_FDCWD, *s, mode, toys.optflags|1))
>                  perror_msg("'%s'", *s);
>           +    else if (CFG_MKDIR_SECURITY && (toys.optflags &
>         FLAG_Z)) {
>           +      if (security_set_context(*s, TT.arg_context) < 0) {
>           +        rmdir(*s);
>           +        error_exit("Unable to create directory '%s' with '%
>         s' as
>         context.", *s,
>           +      }
>           +    }
>           +  }
>         
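Review bot: between mkpathat() and security_set_context() the new directory exists with whatever label the LSM assigns by default, and the rollback on a failed security_set_context() is only rmdir(*s), so it removes the final component and leaves behind any intermediate directories mkpathat() created on the way; where the LSM offers a way to fix the label before creation, setting it up front avoids both problems. Separately, the error_exit() call as quoted is incomplete: its format string has two `%s` conversions but the visible argument list ends at `*s,` with no second argument and no closing `);`, so the hunk would not compile as shown (the second argument is presumably the requested context, TT.arg_context).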
>         Isn't this racy? You create the directory without a label, then come along
>         at some arbitrary point later and add one? Shouldn't we at least mkpathat()
>         with mode 000, add the label, and then chmod()?
> 
> 
> i don't know if this is the least worst job you can do with SMACK, but
> this isn't how you'd do it with SELinux. you'd call setfscreatecon
> before the mkdir, so there would be no race. call it again with NULL
> afterwards to go back to the default.

Hi,

There is also a possibility with smack to set the context of the process
before creating the directory. This implies that the created directory
will get the context of its creating process.

But I didn't focus on this for the two following reasons:

1. inside smack, there is an exception to that model. The exception is
called transmutation: under some conditions, the label set on the
created object is the label of the directory, not the label of the
process.

2. when using toybox as a library (I'm not sure if it is possible but...
in case of doubt...), changing the process state might be hazardous.

Best regards
José
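As an added example (not toybox code and not from anyone in this thread), here is the "create closed, label, then open" sequence Rob suggests, written in plain C with a pluggable labeler so it runs without any LSM present. The `security.SMACK64` xattr labeler, the `ExampleLabel` string and all helper names are my assumptions. Where the LSM supports a create-time context (setfscreatecon() on SELinux, as enh describes, or a Smack process label set beforehand), that remains the preferable route, because the inode then never carries the default label; the pattern below only narrows the window, by making the directory untraversable by unprivileged processes until it is labeled, and rolls the creation back if labeling is refused.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/xattr.h>
#include <unistd.h>

/* Labeler callback: apply an LSM label to path; 0 on success, -1 with errno set. */
typedef int (*label_fn)(const char *path, const char *label, void *ctx);

/* Smack labeler (assumption: writes the security.SMACK64 xattr directly).
 * Needs the privilege Smack requires for relabeling; not run by the demos. */
int smack_xattr_labeler(const char *path, const char *label, void *ctx)
{
  (void)ctx;
  return lsetxattr(path, "security.SMACK64", label, strlen(label), 0);
}

/* mkdir with mode 000, label, then chmod to the requested mode (masked by
 * the umask, as a plain mkdir would be). Until the chmod, no unprivileged
 * process can traverse the directory. On any failure the leaf is removed
 * again and -1 is returned with the original errno preserved. */
int mkdir_labeled(const char *path, mode_t mode, const char *label,
                  label_fn set_label, void *ctx)
{
  mode_t um = umask(0);
  umask(um);
  if (mkdir(path, 0) < 0) return -1;
  if (set_label(path, label, ctx) < 0 || chmod(path, mode & ~um) < 0) {
    int saved = errno;
    rmdir(path);
    errno = saved;
    return -1;
  }
  return 0;
}

/* Constructed labelers for the demos: one records the request, one fails
 * the way a rejected LSM request would. */
struct record { char label[64]; int calls; };

static int recording_labeler(const char *path, const char *label, void *ctx)
{
  struct record *r = ctx;
  (void)path;
  snprintf(r->label, sizeof r->label, "%s", label);
  r->calls++;
  return 0;
}

static int failing_labeler(const char *path, const char *label, void *ctx)
{
  (void)path; (void)label; (void)ctx;
  errno = EPERM;
  return -1;
}

/* Returns 0 when the labeler ran once with the requested label and the
 * directory ended up with the requested mode. */
int demo_success(void)
{
  char tmpl[] = "/tmp/lsm-mkdir-XXXXXX";
  char path[128];
  struct record r = {{0}, 0};
  struct stat st;
  int ok;

  if (!mkdtemp(tmpl)) return -1;
  snprintf(path, sizeof path, "%s/labeled", tmpl);
  mode_t old = umask(022);
  ok = mkdir_labeled(path, 0750, "ExampleLabel", recording_labeler, &r) == 0
       && r.calls == 1 && strcmp(r.label, "ExampleLabel") == 0
       && stat(path, &st) == 0 && S_ISDIR(st.st_mode)
       && (st.st_mode & 07777) == 0750;
  umask(old);
  rmdir(path);
  rmdir(tmpl);
  return ok ? 0 : -1;
}

/* Returns 0 when a rejected label leaves no directory behind and the
 * labeler's errno reaches the caller. */
int demo_failure(void)
{
  char tmpl[] = "/tmp/lsm-mkdir-XXXXXX";
  char path[128];
  struct stat st;
  int ok;

  if (!mkdtemp(tmpl)) return -1;
  snprintf(path, sizeof path, "%s/rejected", tmpl);
  ok = mkdir_labeled(path, 0750, "ExampleLabel", failing_labeler, NULL) == -1
       && errno == EPERM && stat(path, &st) == -1 && errno == ENOENT;
  rmdir(tmpl);
  return ok ? 0 : -1;
}

int main(void)
{
  printf("success path: %s\n", demo_success() == 0 ? "ok" : "FAILED");
  printf("failure path: %s\n", demo_failure() == 0 ? "ok" : "FAILED");
  return 0;
}
```

The rollback removes only the leaf it created, which is exactly the limitation the quoted patch has with mkpathat(): if a caller creates parents first, those parents need their own labeling or cleanup.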