I've attached a small patch that adds a receive hook to file_ops and a call to this hook in scm_detach_fds. This hook allows security modules to control the ability of a process to receive an open file descriptor via socket IPC. -- Stephen D. Smalley, NAI Labs ssmalleyat_private
Index: include/linux/security.h
===================================================================
RCS file: /cvs/lsm/lsm/include/linux/security.h,v
retrieving revision 1.25
retrieving revision 1.26
diff -u -r1.25 -r1.26
--- include/linux/security.h 2001/07/20 18:53:00 1.25
+++ include/linux/security.h 2001/07/23 16:52:07 1.26
@@ -97,6 +97,7 @@
 	int (* fcntl64) (struct file *, unsigned int, unsigned long);
 	int (* set_fowner) (struct file *file);
 	int (* send_sigiotask) (struct task_struct *tsk, struct fown_struct *fown, int fd, int reason);
+	int (* receive) (struct file *file);
 };
 
 struct task_security_ops {
Index: kernel/security.c
===================================================================
RCS file: /cvs/lsm/lsm/kernel/security.c,v
retrieving revision 1.25
retrieving revision 1.26
diff -u -r1.25 -r1.26
--- kernel/security.c 2001/07/20 18:32:06 1.25
+++ kernel/security.c 2001/07/23 16:52:07 1.26
@@ -110,6 +110,7 @@
 static int dummy_file_fcntl64 (struct file *file, unsigned int cmd, unsigned long arg) {return 0;}
 static int dummy_file_set_fowner (struct file *file) {return 0;}
 static int dummy_file_send_sigiotask (struct task_struct *tsk, struct fown_struct *fown, int fd, int reason) {return 0;}
+static int dummy_file_receive (struct file *file) {return 0;}
 
 static int dummy_task_create (void) {return 0;}
 static int dummy_task_alloc_security (struct task_struct *p) {return 0;}
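Review bot: The new `receive` member of file_ops is added with no statement of its contract, so a module author has to work it out from the single call site in net/core/scm.c rather than from the header. I would put a comment above the member along the lines of `/* receive: check permission before a process that receives @file over socket IPC (SCM_RIGHTS) installs it in its descriptor table. Return 0 to allow; non-zero stops delivery of this and any later fds in the message. */` — the dummy and capability stubs return 0, and the scm.c caller breaks on any non-zero value, which is all the hunks establish. The neighbouring members in this hunk are also uncommented, so if hook descriptions live elsewhere in the header, the entry for this hook belongs there instead.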
@@ -230,6 +231,7 @@
 	fcntl64: dummy_file_fcntl64,
 	set_fowner: dummy_file_set_fowner,
 	send_sigiotask: dummy_file_send_sigiotask,
+	receive: dummy_file_receive,
 };
 
 static struct task_security_ops dummy_task_ops = {
Index: kernel/capability_plug.c
===================================================================
RCS file: /cvs/lsm/lsm/kernel/capability_plug.c,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- kernel/capability_plug.c 2001/07/20 18:32:06 1.11
+++ kernel/capability_plug.c 2001/07/23 16:52:07 1.12
@@ -183,6 +183,7 @@
 static int cap_file_fcntl64 (struct file *file, unsigned int cmd, unsigned long arg) {return 0;}
 static int cap_file_set_fowner (struct file *file) {return 0;}
 static int cap_file_send_sigiotask (struct task_struct *tsk, struct fown_struct *fown, int fd, int reason) { return 0; }
+static int cap_file_receive (struct file *file) {return 0;}
 
 static int cap_task_create (void) {return 0;}
 static int cap_task_alloc_security (struct task_struct *p) {return 0;}
@@ -393,6 +394,7 @@
 	fcntl64: cap_file_fcntl64,
 	set_fowner: cap_file_set_fowner,
 	send_sigiotask: cap_file_send_sigiotask,
+	receive: cap_file_receive,
 };
 
 static struct task_security_ops cap_task_ops = {
Index: net/core/scm.c
===================================================================
RCS file: /cvs/lsm/lsm/net/core/scm.c,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- net/core/scm.c 2001/06/11 18:20:16 1.1.1.1
+++ net/core/scm.c 2001/07/23 16:52:08 1.2
@@ -22,6 +22,7 @@
 #include <linux/net.h>
 #include <linux/interrupt.h>
 #include <linux/netdevice.h>
+#include <linux/security.h>
 
 #include <asm/system.h>
 #include <asm/uaccess.h>
@@ -220,6 +221,9 @@
 	for (i=0, cmfptr=(int*)CMSG_DATA(cm); i<fdmax; i++, cmfptr++)
 	{
 		int new_fd;
+		err = security_ops->file_ops->receive(fp[i]);
+		if (err)
+			break;
 		err = get_unused_fd();
 		if (err < 0)
 			break;
_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
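Review bot: A refusal from the new `receive` hook leaves the loop through the same `break;` as an out-of-descriptors failure from `get_unused_fd()`, so the receiver cannot tell a policy denial from resource exhaustion, and every descriptor after the refused one in the same SCM_RIGHTS message is dropped even if the module would have allowed it. Whether `err` is reported to the caller after the loop is not visible here (scm_detach_fds continues outside the hunk); if it is discarded, the denial is observable only as a shorter fd array in the control message. Checking before `get_unused_fd()` is the right order, since nothing is allocated when the hook refuses, but the call site should say what a refusal means: `/* Ask the security module before installing the received file; a refusal stops delivery of this and all later fds in the message. */`. If skipping only the refused descriptor is the intended semantic, the loop would have to continue and leave that slot out of the cmsg, which is a larger change than this hunk.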