On Tue, 2010-07-27 at 15:09 -0400, Stephen Smalley wrote:
> On Tue, 2010-07-27 at 14:51 -0400, Eric Paris wrote:
> > My fear was:
> >
> > Process A                        Process B
> > ------------------------         -------------------------
> > open("/selinux/policy");
> > plm->data = p1
> > plm->len = l1
> > i_size = l1
> >                                  load_policy
> >                                  open("/selinux/policy");
> >                                  plm->data = p2;
> >                                  plm->len = l2;
> >                                  i_size = l2;
> >                                  stat("/selinux/policy");
> >                                  we get i_size=l2
> > stat("/selinux/policy");
> > we get i_size=l2 WHOOPS.
>
> How is that different from the corresponding situation for a regular file?
> Doesn't seem like the sort of thing the kernel should worry about.
> I thought the check was to prevent arbitrary allocation of kernel memory
> by spinning in a loop opening /selinux/policy forever. But that doesn't
> require worrying about the inode size changing.

This is actually more the problem with files in /proc. The difference is
that the plm->data and plm->len are still p1 and l1. It's just stat() that
is going to lie to you. So you will either mmap too much or too little
space and you have no idea how long the data you are going to be reading
is... read() works ok, because it is going to go till the EOF, but you
have no idea where that is with mmap.....

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
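An added example, not code from this thread or from the SELinux project, of the read-to-EOF approach Eric contrasts with mmap above: the buffer grows as read() delivers data and st_size is never consulted, so a stale or racing i_size cannot mis-size it. The two demo helpers use constructed data (a temp file, which assumes /tmp is writable, and a pipe, whose st_size says nothing about the bytes waiting in it, the same way the thread says i_size can mislead on /selinux/policy) so the block runs on a machine without SELinux. The byte pattern, the helper names and the /tmp path are assumptions made for the demo.

```c
/* Added example (not from the thread or the SELinux tree): read to EOF, never size from st_size. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdlib.h>
#include <unistd.h>

struct blob { unsigned char *data; size_t len; };

/* Read fd until read() returns 0 (EOF), doubling the buffer as needed.
 * Returns 0 on success (caller frees b->data), -1 on error with errno set.
 * st_size is never consulted, so a stale i_size cannot mis-size the buffer. */
static int read_to_eof(int fd, struct blob *b)
{
    size_t cap = 4096;
    b->len = 0;
    b->data = malloc(cap);
    if (!b->data)
        return -1;
    for (;;) {
        if (b->len == cap) {
            unsigned char *n = realloc(b->data, cap * 2);
            if (!n)
                goto fail;
            b->data = n;
            cap *= 2;
        }
        ssize_t r = read(fd, b->data + b->len, cap - b->len);
        if (r < 0) {
            if (errno == EINTR)
                continue;
            goto fail;
        }
        if (r == 0)
            return 0;
        b->len += (size_t)r;
    }
fail:
    free(b->data);
    b->data = NULL;
    return -1;
}

/* Constructed byte pattern (an assumption of the demo) so content is checked, not just length. */
static unsigned char pat(size_t i) { return (unsigned char)(i * 7 + 3); }

/* Read fd to EOF; return n if exactly n pattern bytes came back, else -1. */
static long check_read(int fd, size_t n)
{
    struct blob b;
    long ret = -1;
    if (read_to_eof(fd, &b) != 0)
        return -1;
    if (b.len == n) {
        ret = (long)n;
        for (size_t i = 0; i < n; i++)
            if (b.data[i] != pat(i)) { ret = -1; break; }
    }
    free(b.data);
    return ret;
}

/* Write n pattern bytes to a temp file (assumes /tmp is writable) and read
 * them back; n > 4096 exercises the realloc path. */
static long demo_file_roundtrip(size_t n)
{
    char path[] = "/tmp/policy-demo-XXXXXX";
    int fd = mkstemp(path);
    long ret = -1;
    if (fd < 0)
        return -1;
    unlink(path);                      /* anonymous once open */
    unsigned char *buf = malloc(n);
    if (buf) {
        for (size_t i = 0; i < n; i++)
            buf[i] = pat(i);
        if (write(fd, buf, n) == (ssize_t)n && lseek(fd, 0, SEEK_SET) == 0)
            ret = check_read(fd, n);
        free(buf);
    }
    close(fd);
    return ret;
}

/* Same through a pipe, where fstat() st_size says nothing about the bytes
 * waiting, much as the thread says i_size can mislead on /selinux/policy;
 * read-to-EOF still recovers them all. n is capped to fit the pipe buffer. */
static long demo_pipe(size_t n)
{
    int p[2];
    unsigned char buf[4096];
    if (n > sizeof buf || pipe(p) != 0)
        return -1;
    for (size_t i = 0; i < n; i++)
        buf[i] = pat(i);
    ssize_t w = write(p[1], buf, n);
    close(p[1]);                       /* writer gone, so reader sees EOF */
    long ret = (w == (ssize_t)n) ? check_read(p[0], n) : -1;
    close(p[0]);
    return ret;
}
```

To use this on a real policy file, open("/selinux/policy", O_RDONLY) and hand the descriptor to read_to_eof(); the returned blob carries the true length, which is what an mmap sized from stat() could not promise in the race above.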