On Thu, 2009-06-25 at 07:59 -0500, Serge E. Hallyn wrote:
> Quoting Stephen Smalley (sds@xxxxxxxxxxxxxx):
> > On Wed, 2009-06-24 at 17:07 -0500, Serge E. Hallyn wrote:
> > > Oh, no. I wasn't thinking right.
> > >
> > > The objects are actually restored through calls to do_shmget() etc,
> > > so that security_xyz_alloc() already gets called.
> >
> > Does this mean that the objects temporarily exist in the wrong security
> > context and are accessible to other threads during the interval between
> > creation and when they get "restored" to the right security context?
>
> They get restored in a private IPC namespace so they aren't accessible
> to any live tasks. Also, the objects will be created using the default
> context for the program doing sys_restore(), running as app_restore_t or
> something, so presumably a policy could ensure that such temporary
> objects aren't readable by anyone else, just in case something goes
> wrong before the security_ipcxyz_restore(), right?

That could be confusing if the program ever needs to legitimately create
any objects of its own for other purposes. But the private IPC namespace
should be sufficient.

--
Stephen Smalley
National Security Agency

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.