* Stephen Smalley (sdsat_private) wrote:
>
> On Wed, 25 Apr 2001, Chris Wright wrote:
>
> > yes, i had the same needs and made ptrace take two task_struct pointers.
>
> Was this change supposed to go into the latest patch? It doesn't
> appear to be there.

yeah, it missed the patch, sorry for any confusion.

> > i added this. compute_creds is now part of the lsm interface.
>
> Rather than changing all calls to compute_creds to call the LSM hook, I
> would suggest leaving a minimal compute_creds function that handles
> the setuid/setgid processing and calls the LSM hook for all other work.
> Otherwise, how will the system work with a null security module?

That sounds fine.

> By the way, I think that the latest patch is broken for this reason -
> I get a kernel NULL pointer dereference during initialization in
> load_elf_binary, regardless of whether the capabilities plug is
> statically linked or dynamically inserted.

now this does not surprise me. i alluded to the fact that it had only
been compiled (but wasn't that explicit about the fact that i haven't
run it yet). i'll move the compute_creds stuff around and work on
making sure the kernel actually runs.

> What if you took an incremental approach - add a hook now to capable so
> that you have immediate coverage of all existing capable calls, and
> then incrementally insert your own finer-grained hooks into the same
> locations as the current capable calls (in order of priority, starting
> with highly privileged operations whose capabilities are too coarse
> grained), and then ultimately remove the hook from capable when/if
> you address all of the individual capable calls. Personally, I
> don't think you'll ever reach that last stage - the amount of work
> doesn't seem justified by the value added. I would expect you to
> stop with a mixture of hooks for operations where we want finer-grained
> control plus the wide ranging coverage provided by the existing
> capable calls.

That works for me.
The only thing, is that we have to be able to move all of capabilities
into a module. so the capable() call would become part of the lsm
interface.

-chris
This archive was generated by hypermail 2b30 : Thu Apr 26 2001 - 10:09:07 PDT