From: Chris Wright (chrisat_private)
Date: Thu May 31 2001 - 11:25:54 PDT

    Here is a look at what needs to be done (in no particular order).
    * find calls to cap_issubset (i.e. ptrace, PTRACE_ATTACH option) and figure
      out how to eliminate (this should be handled in capabilities module).
    * move keep_capabilities from task_struct to security blob in task_struct
    # look at mmap write (as brought up by Chris Evans).
    # get game plan for socket (AF_INET, AF_UNIX, AF_INET6, etc.)
    # ipc has been largely untouched.
    * dummy_compute_creds doesn't allow setuid binaries to setuid (see below)
    # consider pushing mount/umount to superblock ops.
    # add ability to pass module name when registering as a secondary module
    * review hooks (esp. capable() hooks) that are embedded in compound
      conditionals to allow each module its own policy.
    Some suggestions from Stephen Smalley
    * break compute_creds apart so the kernel manages the common part of
      setuid/setgid and the modules simply add their own $0.02.
    * review MAY_EXEC check in load_elf_binary()
    * mmap hook, esp. for files that are mmap'd with execute.
    * review placement of file [alloc|free]_security to ensure it is consistent
      with creation/deletion of file objects.  consider separate hook for
      initializing blob (like attach_pathlabel).
    # review dummy stubs and place superuser checks as appropriate.
    * add append distinction on file permission check (and perhaps look at
      immutable, etc.)
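The first item above refers to the open-coded capability-subset check that PTRACE_ATTACH performs. The following is an added userspace model of that check, written for this page and not code from the kernel or from the LSM project: `cap_t_model`, `struct task_model` and `ptrace_attach_allowed` are assumed names for illustration, the capability set is modelled as a single 32-bit word, and the uid comparison is simplified to a single uid field rather than the full uid/euid/suid/gid comparison the kernel does. Only `cap_issubset` and the capability bit numbers follow the kernel definitions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not kernel code: a capability set modelled as one 32-bit
 * word, the way the kernel represented kernel_cap_t at the time. */
typedef uint32_t cap_t_model;

/* Capability bit numbers as defined in <linux/capability.h>. */
#define CAP_CHOWN      0
#define CAP_NET_ADMIN  12
#define CAP_SYS_PTRACE 19
#define CAP_SYS_ADMIN  21

#define CAP_BIT(c) ((cap_t_model)1u << (c))

/* cap_issubset(a, b): true when every capability in a is also in b. */
static bool cap_issubset(cap_t_model a, cap_t_model b)
{
    return (a & ~b) == 0;
}

/* Assumed minimal task state: one uid plus permitted/effective sets. */
struct task_model {
    unsigned int uid;
    cap_t_model  cap_permitted;
    cap_t_model  cap_effective;
};

/* Assumed helper mirroring capable(): is cap in the task's effective set? */
static bool task_capable(const struct task_model *t, int cap)
{
    return (t->cap_effective & CAP_BIT(cap)) != 0;
}

/* Model of the PTRACE_ATTACH policy: a tracer may attach to a target only if
 * the uids match and the target's permitted set is a subset of the tracer's,
 * unless the tracer holds CAP_SYS_PTRACE. The subset test is the point: it
 * stops an unprivileged tracer from taking over a task that carries more
 * capabilities than the tracer itself. */
static bool ptrace_attach_allowed(const struct task_model *tracer,
                                  const struct task_model *target)
{
    if (task_capable(tracer, CAP_SYS_PTRACE))
        return true;
    if (tracer->uid != target->uid)
        return false;
    return cap_issubset(target->cap_permitted, tracer->cap_permitted);
}

int main(void)
{
    /* Constructed sample tasks. */
    struct task_model plain    = { 1000, 0, 0 };
    struct task_model netadmin = { 1000, CAP_BIT(CAP_NET_ADMIN), CAP_BIT(CAP_NET_ADMIN) };
    struct task_model debugger = { 0, CAP_BIT(CAP_SYS_PTRACE), CAP_BIT(CAP_SYS_PTRACE) };

    printf("plain -> plain:    %s\n", ptrace_attach_allowed(&plain, &plain) ? "allowed" : "denied");
    printf("plain -> netadmin: %s\n", ptrace_attach_allowed(&plain, &netadmin) ? "allowed" : "denied");
    printf("debugger -> netadmin: %s\n", ptrace_attach_allowed(&debugger, &netadmin) ? "allowed" : "denied");
    return 0;
}
```

The second case is the one the subset check exists for: both tasks run as the same uid, but the target keeps CAP_NET_ADMIN in its permitted set, so a tracer without that capability is refused. Moving this test behind a hook lets the capabilities module keep this policy while another module substitutes its own.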
