On a Debian/Lenny system with the latest updates, running kernel 2.6.26-2-xen-686 with the Ext3 filesystem, I have discovered a problem with assigning the context to files.

If I create a file with "cat /dev/zero > /tmp/foo" then the file on disk doesn't seem to get its label written before umount. So I can create the file, run "sync" a couple of times, then mount an LVM snapshot of the filesystem and discover it labelled as file_t. Or if I reboot the system (e.g. by triggering a watchdog timer) then the system will boot up with the file unlabelled.

So someone who can fill a filesystem and then trigger a reboot (through a watchdog timer or through a DoS attack that causes someone to press reset) can cause an unlabelled file to appear.

-- 
russell@xxxxxxxxxxxx
http://etbe.coker.com.au/ My Main Blog
http://doc.coker.com.au/ My Documents Blog

--
This message was distributed to subscribers of the selinux mailing list.
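The symptom described in the post is a file whose on-disk label is missing (or falls back to the default file_t) after a snapshot mount or an unclean reboot. The following script is an added example, not code from the post or from the SELinux project: it walks a tree, reads each inode's security.selinux xattr directly, and reports files that carry no label or whose type is one of the "unlabelled" defaults (file_t, and unlabeled_t, which later reference policies alias to it). Running it against a mounted snapshot or after a forced reboot is one way to audit for exactly the condition the post reports. The set of type names treated as unlabelled and the sample contexts in the comments are assumptions made for the example.

```python
"""Audit a directory tree for files whose SELinux label was never persisted.

Added example; reads the security.selinux xattr through os.getxattr (Linux only).
A file with no xattr, or whose context type is file_t / unlabeled_t, is reported.
"""
import errno
import os
import sys
from typing import List, Optional

# Types that mean "no real label on disk". file_t is what the post observed;
# unlabeled_t is the refpolicy initial-SID type that later policies alias file_t to.
# (Assumed set for this example; adjust for the policy in use.)
UNLABELLED_TYPES = {"file_t", "unlabeled_t"}


def read_selinux_label(path: str) -> Optional[bytes]:
    """Return the raw security.selinux xattr for path, or None if the inode has no label.

    ENODATA  -> the xattr was never written (the condition described in the post).
    ENOTSUP  -> the filesystem cannot store security xattrs at all; also treated
                as unlabelled, since the kernel would assign a default context.
    """
    getxattr = getattr(os, "getxattr", None)
    if getxattr is None:  # non-Linux platform: no xattr API, nothing to read
        return None
    try:
        return getxattr(path, "security.selinux", follow_symlinks=False)
    except OSError as exc:
        if exc.errno in (errno.ENODATA, errno.ENOTSUP, errno.EOPNOTSUPP):
            return None
        raise


def context_type(label: bytes) -> str:
    """Extract the type field from a context of the form user:role:type[:level].

    The stored value may carry a trailing NUL, and the MLS level may itself
    contain colons (e.g. s0-s0:c0.c1023), so split into at most four fields.
    """
    text = label.rstrip(b"\0").decode("utf-8", errors="replace")
    fields = text.split(":", 3)
    if len(fields) < 3:
        return ""  # malformed context: not a recognisable type
    return fields[2]


def is_unlabelled(label: Optional[bytes]) -> bool:
    """True when the label is absent or its type is one of the unlabelled defaults."""
    if label is None:
        return True
    return context_type(label) in UNLABELLED_TYPES


def scan(root: str) -> List[str]:
    """Walk root and return every directory or file that is effectively unlabelled."""
    hits: List[str] = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if is_unlabelled(read_selinux_label(path)):
                hits.append(path)
    return hits


if __name__ == "__main__":
    # Usage: python selinux_label_audit.py /mnt/snapshot
    target = sys.argv[1] if len(sys.argv) > 1 else "/tmp"
    for hit in scan(target):
        print("unlabelled:", hit)
```

On a system without SELinux every file is reported, since none carries a security.selinux xattr; the useful signal is on an SELinux host, where a freshly written large file that shows up here after a snapshot mount or reboot is the write-before-label ordering the post describes.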