* Chris Vance (cvanceat_private) wrote:
>
> I have added hooks in the following locations:

thanks again for the patch. i finally had the time last night to review the hooks. some comments below...

> fcntl/fcntl64 (sys_fcntl/sys_fcntl64): Added hooks to authorize these
> operations. Additionally, a security field was added to the
> fown_struct so that the attributes of the owning process could
> be maintained for later use in send_sigio_to_task.
>
> fcntl (send_sigio_to_task): Added hook to verify signal permissions.

i'm not real familiar with this code path, so please correct my misunderstandings.

the fown_ops->alloc_security in F_SETOWN is a perfect example of needing to separate allocation from setting the security blob. i think this should really be set (not alloc), as the space should have already been allocated, (perhaps in get_empty_filp). and i don't see any free (granted this may be a simple 32 bit security id superimposed on the void *, but we should get the chance to free in case it is actual allocated space).

should the blob be set when a lease is established, or directory notification turned on? since both of these actions manipulate the f_owner.pid, and these can generate io signals to be sent. i want to make sure that the send_sigiotask() check will always have a properly filled in f_owner.security blob.

-chris

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
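Added example, not part of the original message or of the LSM patch it reviews: a userspace C model of the blob lifecycle the reply asks for, with allocation once at file creation, a separate set step on every path that changes f_owner.pid, a check that fails closed when the blob was never set, and a free on release. All function names, the `sid` and `valid` fields and the same-sid policy are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>

/* Userspace model only; every name below is hypothetical. */
struct fown_sec { int sid; int valid; };        /* the "security blob" */
struct fown { int pid; struct fown_sec *security; };
struct file { struct fown f_owner; };

static int live_blobs;                          /* leak counter for the demo */

/* alloc: once, when the file object is created (cf. get_empty_filp) */
static int fown_alloc_security(struct file *f) {
    f->f_owner.pid = 0;
    f->f_owner.security = calloc(1, sizeof(struct fown_sec));
    if (!f->f_owner.security) return -1;
    live_blobs++;
    return 0;
}

/* set: called from every path that changes f_owner.pid
 * (F_SETOWN, lease setup, directory notification) */
static void fown_set_owner(struct file *f, int pid, int owner_sid) {
    f->f_owner.pid = pid;
    f->f_owner.security->sid = owner_sid;
    f->f_owner.security->valid = 1;
}

/* check: models the hook in send_sigio_to_task; denies if never set */
static int sigio_permitted(const struct file *f, int target_sid) {
    const struct fown_sec *s = f->f_owner.security;
    if (!s || !s->valid) return 0;              /* fail closed */
    return s->sid == target_sid;                /* toy policy: same sid only */
}

/* free: on file release, so an allocated blob is never leaked */
static void fown_free_security(struct file *f) {
    if (f->f_owner.security) { free(f->f_owner.security); live_blobs--; }
    f->f_owner.security = NULL;
}

/* Returns a bitmask: bit0 unset-blob check, bit1 after F_SETOWN,
 * bit2 after a lease changed the owner, bit3 no blob leaked. */
static int demo(void) {
    struct file f;
    int r = 0;
    if (fown_alloc_security(&f)) return -1;
    r |= sigio_permitted(&f, 7) << 0;           /* blob not set: denied */
    fown_set_owner(&f, 1234, 7);                /* F_SETOWN path */
    r |= sigio_permitted(&f, 7) << 1;           /* owner sid 7: allowed */
    fown_set_owner(&f, 4321, 9);                /* lease path re-sets blob */
    r |= sigio_permitted(&f, 7) << 2;           /* owner sid now 9: denied */
    fown_free_security(&f);
    r |= (live_blobs == 0) << 3;                /* freed exactly once */
    return r;
}

int main(void) { printf("result mask: %d\n", demo()); return 0; }
```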
This archive was generated by hypermail 2b30 : Tue Jun 12 2001 - 09:35:29 PDT