I agree with your logic here, and during a hurried look while packing,
it does look like I (for my own purposes) *would* be better off
using the existing security_ops->bprm_ops->alloc_security(bprm) call
at the bottom of prepare_binprm.
I suspect I may have been the only person wanting the set_label()
function in the first place. If that is not the case, then someone
please speak up. Otherwise, if noone beats me to the punch, I'll
offer a simple patch removing {re,}set_label when I get back from
usenix.
-serge
> Some of your hook calls pass filenames provided by applications. To
> be fair, this was already true for the task set_label hook, but I also
> question the need for that hook given the binprm security operations.
> I would argue that the hooks should be passed the result of the kernel
> lookup, i.e. the struct dentry (and vfsmount if you really need the
> absolute pathname) or the struct file. Otherwise, there is a race
> condition between the module lookup of the pathname and the base
> kernel lookup of the pathname, and the module must deal with things
> like relative pathnames.
_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Wed Jun 27 2001 - 12:17:27 PDT