On Fri, 2007-01-19 at 11:11 -0800, Ulrich Drepper wrote:
> Stephen Smalley wrote:
> > In the future, I'd like to see proc permission checking revised to
> > distinguish read-only access to process state vs. full ptrace access.
>
> That would have to be much more detailed than just read/write vs
> read-only. ptrace reads can leak information (especially a no-no for
> MLS but also for normal operation). For instance, you don't want to
> allow poking a process to get randomization values/seeds like the one
> used for pointer encryption.
>
> So, you'd have to go into great detail and maybe even split the
> functionality of a single ptrace or /proc operation in minute parts
> which might or might not be allowed.

Understood, but the current situation leads to overly permissive policy
(or excessive use of dontaudits and limited functionality) just to give
some visibility into the process state. Having to allow domain A full
ptrace control over domain B just to let domain A see some of domain B's
/proc/pid state is overkill.

--
Stephen Smalley
National Security Agency

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list