[apparmor] First draft of a userspace ipc introspection interface
Kees Cook
kees.cook at canonical.com
Fri Nov 19 00:20:44 GMT 2010
Hi John,
This all looks good. One question below...
On Wed, Nov 17, 2010 at 06:35:01PM -0800, John Johansen wrote:
> /**
> * aa_query_task_ipc - query @origin task as to whether it can ipc with @target
> * @origin: origin task for the ipc request
> * @target: target task for the ipc request
> * @symmetric: whether the communication needs to be symmetric or asymmetric
> * @perms: Return - if successful permission granted for ipc between @origin
> * and @target
> *
> * Returns: 0 on success with permissions in @perms
> * -1 on failure, with errno set to the error condition
> */
> int aa_query_task_ipc(pid_t origin, pid_t target, int symmetric,
> aa_perms_t *perms);
What would the backend access control look like on this? It doesn't feel
right to allow me to ask if two arbitrary pids can talk to eachother.
Perhaps they must match the owner or something? This smacks of PTRACE
insanity.
-Kees
--
Kees Cook
Ubuntu Security Team
More information about the AppArmor
mailing list