On Mon, 2008-03-17 at 08:41 +1100, James Morris wrote:
> On Fri, 14 Mar 2008, Stephen Smalley wrote:
>
> > Alternatively, we could default to returning FILE__IOCTL from
> > file_to_av() if the f_mode has neither FMODE_READ nor FMODE_WRITE, and
> > thus check ioctl permission on exec or transfer, thereby validating such
> > descriptors early as with normal r/w descriptors and catching leaks of
> > them prior to attempted usage.
>
> I think this sounds like a good plan.
Handle files opened with flags 3 by checking ioctl permission.
Signed-off-by: Stephen Smalley <sds@xxxxxxxxxxxxx>
---
security/selinux/hooks.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 4bf4807..7d82aa2 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1629,6 +1629,12 @@ static inline u32 file_to_av(struct file *file)
else
av |= FILE__WRITE;
}
+ if (!av) {
+ /*
+ * Special file opened with flags 3 for ioctl-only use.
+ */
+ av = FILE__IOCTL;
+ }
return av;
}
--
Stephen Smalley
National Security Agency
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
