Re: A Comment from User Space

From: Chris Wright (chrisat_private)
Date: Tue Apr 24 2001 - 16:57:55 PDT

  • Next message: Crispin Cowan: "Re: A Comment from User Space"

    * David Wagner (dawat_private) wrote:
    > Chris Wright  wrote:
    > >* Tim Hollebeek (thollebeekat_private) wrote:
    > >> With the three-function interface, it is much simpler to guarantee the
    > >> invariant that before_foo() runs iff check_foo() is true.
    > >
    > >i'm sorry, i don't understand this argument.
    > >
    > >static int do_check_foo(args);
    > >static void do_before_foo(args);
    > >int module_check_foo(args)
    > >{
    > >	int ret = do_check_foo(args);
    > >	if (!ret)
    > >		do_before_foo(args);
    > >	return ret;
    > >}
    > 
    > A few potential drawbacks:
    >  * You have to know what method the caller of module_check_foo() uses
    >    to determine whether the call will be allowed.  If it's always
    >    "if (!ret)", then you're ok, but if it is even more complex than
    >    that (e.g., MAC override; or if a call can be denied by Unix file
    >    permissions even though the module said it was ok to allow it),
    >    then the above fails.
    
    Thanks for the explanation.  I have been complaining about this very issue
    while working on the capabilities port and didn't see the correlation.
    
    thanks,
    -chris
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Tue Apr 24 2001 - 17:05:51 PDT