On Thu, 2007-03-22 at 19:49 -0400, James Morris wrote:
> On Thu, 22 Mar 2007, Joy Latten wrote:
>
> > > I would look at this patch differently if there were some
> > > security level key being checked for a match here, which is
> > > an input key to the flush, but that is not what is happening
> > > here as the object is being looked at by itself.
> >
> > Yes, I understand what you are saying.
> > I was concerned about having to check each entry
> > to flush database.
> >
> > I did this patch because we check for authorization
> > when deleting single specified entries from the SAD/SPD. It
> > seems like a hole to me that we check for this, but that same
> > user/process can delete the entire database with no checks.
>
> Indeed. Removing an entry is modifying MAC policy, which requires
> appropriate authorization.
>
> The security label is encapsulated with the object, which is why it's
> passed to the security layer.
>
> Perhaps a better semantic would be to fail the entire flush operation if
> one of the security checks failed. e.g. loop through for permissions
> first, then if all ok, loop through for deletion.
>

Ok, will code this up and test it if there are no objections.

Joy
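
The all-or-nothing flush suggested in the thread above (check every entry first, delete only if all checks pass), as an added sketch that is not part of the original message or of the kernel patch under discussion. The names `sa_entry`, `may_delete`, `sad_flush` and `sad_count`, and the integer label comparison, are hypothetical stand-ins for the real SAD/SPD objects and the security-layer hook.

```c
#include <stddef.h>
#include <errno.h>

/* Hypothetical stand-in, not a kernel structure: a toy SAD entry that
 * carries its own security label, as the thread describes. */
struct sa_entry {
    int label;   /* constructed label value attached to the object */
    int live;    /* 1 while the entry is in the database */
};

/* Hypothetical policy hook: deletion is allowed only when the caller's
 * clearance is at least the entry's label. Returns 0 or -EPERM. */
static int may_delete(int caller_clearance, const struct sa_entry *e)
{
    return caller_clearance >= e->label ? 0 : -EPERM;
}

/* All-or-nothing flush: pass 1 authorizes every live entry, pass 2
 * deletes. The table lock has to be held across both passes, otherwise
 * an entry added or relabeled in between is deleted without a check. */
int sad_flush(struct sa_entry *tab, size_t n, int caller_clearance)
{
    size_t i;
    int err;

    for (i = 0; i < n; i++) {
        if (!tab[i].live)
            continue;
        err = may_delete(caller_clearance, &tab[i]);
        if (err)
            return err;   /* nothing has been deleted yet */
    }
    for (i = 0; i < n; i++)
        tab[i].live = 0;
    return 0;
}

/* Count entries still present, to observe the outcome of a flush. */
size_t sad_count(const struct sa_entry *tab, size_t n)
{
    size_t i, c = 0;

    for (i = 0; i < n; i++)
        c += tab[i].live ? 1 : 0;
    return c;
}
```

A denied flush leaves the database untouched, which is the property that separates this from checking and deleting in a single loop.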