Here's a small patch for adding security checks for lock(), lseek() and llseek(), and a permission check on readdir() calls. The (l)lseek and lock() hooks call the relevant security ops function, while the readdir() hook calls the permission() function. These hooks are similar to hooks provided in the SELinux prototype. This patch was generated against the 2.4.6-pre3 tree. Let me know of any issues. Thanks, -- Wayne Salamon wsalamonat_private diff -X dontdiff -ru lsm-wirex/fs/locks.c lsm-new/fs/locks.c --- lsm-wirex/fs/locks.c Fri Jun 22 09:06:59 2001 +++ lsm-new/fs/locks.c Mon Jul 2 12:42:13 2001 @@ -1311,6 +1311,10 @@ if (!filp) goto out; + error = security_ops->file_ops->lock(filp); + if(error) + goto out_putf; + error = flock_translate_cmd(cmd); if (error < 0) goto out_putf; diff -X dontdiff -ru lsm-wirex/fs/read_write.c lsm-new/fs/read_write.c --- lsm-wirex/fs/read_write.c Fri Jun 22 09:06:59 2001 +++ lsm-new/fs/read_write.c Mon Jul 2 12:42:13 2001 @@ -71,6 +71,13 @@ file = fget(fd); if (!file) goto bad; + + retval = security_ops->file_ops->llseek(file); + if (retval) { + fput(file); + goto bad; + } + retval = -EINVAL; if (origin <= 2) { loff_t res = llseek(file, offset, origin); @@ -96,6 +103,11 @@ file = fget(fd); if (!file) goto bad; + + retval = security_ops->file_ops->llseek(file); + if (retval) + goto out_putf; + retval = -EINVAL; if (origin > 2) goto out_putf; diff -X dontdiff -ru lsm-wirex/fs/readdir.c lsm-new/fs/readdir.c --- lsm-wirex/fs/readdir.c Fri Jun 22 09:06:59 2001 +++ lsm-new/fs/readdir.c Mon Jul 2 12:42:13 2001 @@ -19,6 +19,11 @@ int res = -ENOTDIR; if (!file->f_op || !file->f_op->readdir) goto out; + + res = security_ops->file_ops->permission(file, MAY_READ); + if (res) + goto out; + down(&inode->i_sem); down(&inode->i_zombie); res = -ENOENT; _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
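Review bot: In the fs/locks.c hunk (@@ -1311,6 +1311,10 @@) the new `security_ops->file_ops->lock(filp)` call runs before `flock_translate_cmd(cmd)` and is given only `filp`, so a module cannot tell a shared or exclusive request from an unlock, and a denial would presumably also stop a task from releasing a lock it already holds. If the hook prototype (defined outside this patch) can be extended, passing the command, e.g. `error = security_ops->file_ops->lock(filp, cmd);`, would let policy distinguish these cases. Only the path that calls `flock_translate_cmd()` is hooked here; whether fcntl-style locks are mediated elsewhere cannot be seen from this patch and is worth confirming. Style: `if(error)` should be `if (error)` to match the surrounding `if (error < 0)`. The enclosing function starts and ends outside the hunk.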
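Review bot: Both fs/read_write.c hunks (@@ -71,6 +71,13 @@ and @@ -96,6 +103,11 @@) repeat the same `security_ops->file_ops->llseek(file)` call in each caller, and the check sees neither `offset` nor `origin`. The first hunk goes on to call `llseek(file, offset, origin)`; if the second function reaches the same helper (not visible here), placing the check once inside that helper would give a single mediation point that a future caller cannot skip. The check also runs before the `origin` range test, so when the module denies, an invalid `origin` now yields the module's error instead of `-EINVAL`; a comment such as `/* LSM check precedes argument validation; denial takes priority over -EINVAL */` would record that this is intended. The two hunks also unwind differently (`fput(file); goto bad;` versus `goto out_putf;`), which looks correct only if the first function has no `out_putf` label; both functions extend beyond their hunks.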
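Review bot: In the fs/readdir.c hunk (@@ -19,6 +19,11 @@) `if (res) goto out;` treats any non-zero hook result as a denial and leaves it in `res`, so the hook contract (0 to allow, negative errno to deny) should be stated at the call site; the same applies to the `lock` and `llseek` calls in the other hunks. A positive value from a module would presumably be handed back to the caller as if it were a result rather than an error. I would add `/* LSM: returns 0 to allow or -errno to deny; re-checked on each call, not only at open */` above the call, or test `if (res < 0)` if positive returns are meant to be ignored. The function continues outside the hunk, so where `out:` leads is not visible.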