On Mon, 2008-03-17 at 08:55 -0400, Stephen Smalley wrote:
> On Mon, 2008-03-17 at 08:41 +1100, James Morris wrote:
> > On Fri, 14 Mar 2008, Stephen Smalley wrote:
> >
> > > Alternatively, we could default to returning FILE__IOCTL from
> > > file_to_av() if the f_mode has neither FMODE_READ nor FMODE_WRITE, and
> > > thus check ioctl permission on exec or transfer, thereby validating such
> > > descriptors early as with normal r/w descriptors and catching leaks of
> > > them prior to attempted usage.
> >
> > I think this sounds like a good plan.
>
> Handle files opened with flags 3 by checking ioctl permission.
>
> Signed-off-by: Stephen Smalley <sds@xxxxxxxxxxxxx>
>
> ---
>
> security/selinux/hooks.c | 6 ++++++
> 1 file changed, 6 insertions(+)
>
> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
> index 4bf4807..7d82aa2 100644
> --- a/security/selinux/hooks.c
> +++ b/security/selinux/hooks.c
> @@ -1629,6 +1629,12 @@ static inline u32 file_to_av(struct file *file)
> else
> av |= FILE__WRITE;
> }
> + if (!av) {
We have the flags, would we rather check
if ((file->f_flags & O_ACCMODE) == O_ACCMODE)
This way we would still catch and BUG's we don't know about?
> + /*
> + * Special file opened with flags 3 for ioctl-only use.
> + */
> + av = FILE__IOCTL;
> + }
>
> return av;
> }
>
>
>
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
