[PATCH 05/14] umh: Separate the user mode driver and the user mode helper support
Tetsuo Handa
penguin-kernel at i-love.sakura.ne.jp
Sat Jun 27 04:36:31 UTC 2020
On 2020/06/27 13:21, Eric W. Biederman wrote:
> Tetsuo Handa <penguin-kernel at i-love.sakura.ne.jp> writes:
>> On 2020/06/27 1:45, Eric W. Biederman wrote:
>>> Does this series by using the normal path through exec solve your
>>> concerns with LSMs being able to identify these processes (both
>>> individually and as class)?.
>>
>> I guess "yes" for pathname based LSMs. Though, TOMOYO wants to obtain both
>> AT_SYMLINK_NOFOLLOW "struct path" and !AT_SYMLINK_NOFOLLOW "struct path"
>> at do_open_execat() from do_execveat_common().
>
> Is that a problem with the current do_execveat_common in general?
In general. Since LSM does not receive parameters needed for obtaining
AT_SYMLINK_NOFOLLOW "struct path" (and it is racy even if parameters were
passed to LSM), I want to obtain both paths in one place.
>
> That does not sound like a problem in the user mode driver case as
> there are no symlinks involved.
Right.
More information about the Linux-security-module-archive
mailing list