* Andrew Morgan <morganat_private> [010416 20:32]: > How will you handle backward compatibility? > > Kernel X has 75 function definitions in 'struct check_struct'. Kernel > X+1 has 76. Doesn't a module that was built for version X break in the > face of this? Are you going to rely on kernel module versioning to help > address this issue - namely, refuse to load a mis-matched module? Could this system be made more generic? init_module() { int nrfuncs, i; nrfuncs = get_kernel_security_hook_count(); for (i=0; i < nrfuncs; i++) { switch (i) { case CHECK_FS_OPEN: mymodule_checks[CHECK_FS_OPEN] = &mymodule_fs_open; case CHECK_FS_READ: mymodule_checks[CHECK_FS_READ] = &mymodule_fs_read; /* ... */ default: mymodule_checks[i] = &mymodule_instant_return_EACCES; } } kernel_set_check_policy (&mymodule_checks); } However, I think the *correct* approach is just as you suggested -- refuse to load. Rationale: if a new hook was added, it could very well grant more access than the module would want to allow. Default deny on such instances wouldn't be ideal -- it may be required for proper operation of the machine. Default allow on such instances wouldn't be ideal -- it may allow a new form of file descriptors to be passed around or something similar to bypass the other checks. By providing more functionality than the carefully designed modules have taken into account, the interactions should probably *not* be figured out by the kernel at load time. Perhaps this could be left up to the individual modules again: init_module() { if (OUR_FUNCTION_COUNT != get_kernel_security_hook_count()) return 1; /* continue loading as below */ } Or would people perfer a static system of determining that module X won't load into kernel Y? [These are all just thoughts; don't hesitate to tear these suggestions apart if there is no redeeming value in them. :] > Chris Wright wrote: > > > init_module() > > > { > > > struct check_struct mymodule_checks = { > > > check_fs_open: & mymodule_fs_read, > > > check_fs_read: & mymodule_fs_open, > > > check_fs_write: & mymodule_fs_write, > > > check_socket_open: & mymodule_socket, > > > check_socket_read: & mymodule_socket, > > > check_socket_write: & check_socket_write_refuse, > > > ... > > > check_kernel_checkpolicy_set: & mymodule_kernel_checkpolicy_set, > > > /* How we accept other security modules...*/ > > > }; > > > > > > kernel_set_check_policy (&mymodule_checks); -- Earthlink: The #1 provider of unsolicited bulk email to the Internet. _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Mon Apr 16 2001 - 21:01:14 PDT