From: Amon Ott <ao@rsbac.org>
Subject: Re: IPC bugs.
Date: Mon, 11 Dec 2000 11:08:01 +0100
Next Article (by Subject): Re: IPC bugs. staringer
Previous Article (by Subject): IPC bugs. Stanislav Ievlev
Top of Thread: IPC bugs. Stanislav Ievlev
Next in Thread: Re: IPC bugs. staringer
Articles sorted by: [Date]
[Author]
[Subject]
On Sam, 09 Dez 2000 Stanislav Ievlev wrote: > There are problems with some IPC objects: > > 1. FIFO. > > a) RSBAC create FIFO file as T_FILE target (see do_mknod() ); > > b) While opening FIFO RSBAC see it as T_IPC ( see filp_open() and > open_namei() ) and get wrong ACI information as a result. > > c) rsbac_get_attr_n() function doesn't allow to see any FIFO's > attributes (Only for Regular, Block and Character Devices) OK, FIFOs where hacked in without much reflection. Functionally, they belong to the IPC object family, but their system representation is as files. What do you prefer: - FIFOs are treated as FILE objects - FIFOs are treated as IPC objects > 2. AF_UNIX sockets > > a) sys_rsbac_set_attr and sys_rsbac_get_attr work with socket using > virtual inode. > > b) While open socket ( open_namei() ) RSBAC see ordinal inode (not > virtual), and apply wrong sock structure (wrong ACI) as a result. > > Note: virtual inode's value you can see in proc (ls -al /proc/1266/fd/*) > real inode you can see using stat (stat ~/my_socket). Well, yes, all this socket stuff. A full redesign is due, but will be a lot of work. get_attr and set_attr are pretty dumb and will work with anything that might be a socket representation. Some better logic would be good. Amon. - To unsubscribe from the rsbac list, send a mail to majordomo@rsbac.org with unsubscribe rsbac as single line in the body.
Next Article (by Subject): Re: IPC bugs. staringer
Previous Article (by Subject): IPC bugs. Stanislav Ievlev
Top of Thread: IPC bugs. Stanislav Ievlev
Next in Thread: Re: IPC bugs. staringer
Articles sorted by: [Date]
[Author]
[Subject]