User: Password:
|
|
Subscribe / Log in / New account

Security modules and ioctl()

Security modules and ioctl()

Posted Mar 2, 2011 18:21 UTC (Wed) by robbe (subscriber, #16131)
Parent article: Security modules and ioctl()

But isn't the same problem already present with DAC? Somebody, somewhere, already has to prevent object-changing ioctls on read-only file descriptors.

What does SELinux want to add to the mix? Is it only so that an object-changing ioctl needs the current role to have {write} rights, while for other ioctls you only need {read}? Does this offer anything in addition to the DAC check above, which is always done anyway?

I think the ideas in this direction are sufficiently vague because ioctls do such a wide range of things.

Let's start with the basics: in which manpage is (for example) the mentioned FIEMAP documented?


(Log in to post comments)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds