I looked through the CAPP patch again while at USENIX. Some additional comments:

Your patch adds various hooks in setattr-related calls that overlap with the setattr hook. Are these calls really necessary?

Your patch moved the task free_security hook call to do_exit. Problem: We want the task security field when it is reaped by the parent, so we can't free it at this point.

Your patch moves some of the setcapability control logic into the module, but it still leaves a lot of the functional logic in place. Doesn't most of setcapability/getcapability need to be moved into the module to really allow the capabilities implementation to evolve independently of the base kernel?

Your patch makes the following changes that seemed reasonable to me:

1) Added the request to the ptrace hook and call it on all requests. But I don't see value in passing the pid, since we pass the task_struct and you can extract the pid directly from it.
2) Added a new hook for bdflush. It would be good to add all the parameters.
3) Added a new hook for quotactl. Can we move it after the kernel lookup of special to avoid race conditions on the pathname lookup?
4) Added a new hook for nfsservctl. It would be good to pass all parameters.
5) Moved post_create/mkdir/mknod/etc to always be called and pass the error status.
6) Moved setcapability logic into module, but see my comment above.
7) Added a new hook for chroot.
8) Added delete_module call in the automatic reaping case.
9) Added which parameter to setnice. But I don't see value in passing who, since we pass the task_struct.
10) Added new hooks for getpgid, setpgid, getsid, setsid, prctl.
11) Added old_rlim parameter to setrlimit. However, notice that you can obtain old_rlim from within the hook if you want given the resource.

One thing to watch for - we want to avoid passing user space pointers to modules, but it may not be easy to place the hooks after the kernel copy.

--
Stephen D. Smalley, NAI Labs
ssmalleyat_private
This archive was generated by hypermail 2b30 : Mon Jul 02 2001 - 13:23:17 PDT