On Mon, 23 Apr 2001 Valdis.Kletnieksat_private wrote: > On Mon, 23 Apr 2001 15:09:47 EDT, jmjonesat_private said: > > What about a single, documented, standard call that may or may not return > > anything useful, depending on the policy/module in place? > > > > lsm_advisory_type * lsm_error(lsm_advisory_type *lat); > > > > which would fill in the structure (or whatever) with something standardly > > meaningful or just NULL or "I COULD TELL YOU, BUT THEN I'D HAVE TO > > KILL YOU" or the equivalent? > > How about this: > > for PAM, we have this sort of thing: > > rc = pam_function(...); > if (rc) { perror(errno), pam_strerror(rc) }; > > Of course, for syscalls, rc and errno are both used, so we'd need this: > > extern int errno, lsm_errno; > > rc = some_syscall(...); > if (rc) { > if (errno = EPERM) { > lsm_perror(lsm_errno); > } > else perror(); > } > > And if a LSM wants to be opaque, it can return an lsm_errno that > causes lsm_perror() to return 'Permission Denied' same as perror. If > it wants to be very wordy, it can pass back a 32-bit value that > lsm_perror can send across an IPC to a daemon process that looks up > the event in a journal and hands back a string saying "denied because > this process is in user class FOOBAR and has already used its limit of > mmap() calls per 5-minute interval". That looks great to me! Very minor changes to existing code, and probably not a great deal of overhead in a module that DOESN'T want to provide this service. Consideration for another time, perhaps, a small subset of lsm_errno's that are globally meaningful across modules that do want to provide this sort of meaningful feedback to application space: #DEFINE LSM_NOERROR 0x00 #DEFINE LSM_PERM 0x01 (for the "how dare you ASK such a question set) ... more here describing the locus of the rejection relatively meaningfully without giving away any secrets... > > Now - how to ensure that /usr/lib/liblsm.so points at a lsm_perror() > that matches the LSM? Or is that a sysadmin/install issue? ;) > Seems to ME if you install an lsm, you'd install the libraries that go with it. Sysadmin/Install issue. Any module that protected ITSELF from sereptitious replacement and provided this sort of information, would also be able to protect the liblsm.so, n'est-ce pas? > /Valdis > > Only thing is, I'm not sure this would involve anything in the kernel hooks area, only in a "quasi-standard" for the modules, which may be getting out of our arena here? What would need to go into the hooks? J. Melvin Jones |>------------------------------------------------------ || J. MELVIN JONES jmjonesat_private |>------------------------------------------------------ || Microcomputer Systems Consultant || Software Developer || Web Site Design, Hosting, and Administration || Network and Systems Administration |>------------------------------------------------------ || http://www.jmjones.com/ |>------------------------------------------------------ _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Mon Apr 23 2001 - 12:55:26 PDT