RE: State of Audit Proposal ?

From: jmjonesat_private
Date: Mon Jul 23 2001 - 12:25:32 PDT

  • Next message: Crispin Cowan: "Re: State of Audit Proposal ?"

    On Mon, 23 Jul 2001, KRAMER,STEVEN (HP-USA,ex1) wrote:
    
    > Are we to use the Linux man pages as a functional spec for the interfaces
    > that LSM must continue to respect?  Has anyone taken the LSM
    > changes, looked at the current state of the hooks, and made sure you're not
    > creating situations where an incorrect errno will be returned?
    > As an example, I'm looking at the sys_read call.  In the man page, there
    > is no EACCES failure, nor do I see it in the sys_read kernel code.
    > So, what kind of error value will the permission(file, MAY_READ) hook
    > return?  Usually you'd think of EACCES failure with such a hook, but
    > you said that it's your understanding that LSM hooks won't return
    > EACCES there because an application wouldn't know how to use such a
    > failure with read(2).
    
    
    I've been working toward some sort of scaffold for man pages documenting
    the hooks at http://lsm.antisoft.com/documentation/manpages. The way the
    hooks are set up, though, they return ANY error back to wherever they got
    called from.  I've resorted to stating "returns -ERROR, *usually* -EPERM 
    if ...", but because of the depth of some of the
    hooks, it's very difficult to determine if the return code is appropriate 
    all the way back up through the kernel and libc.
    
    I've sort of come to the conclusion that WHAT return code should be a
    module side issue, unless we want to look more closely at impact on 
    each and every piece of legacy code from the interface side, which just 
    gets tangled...  unless somebody wants to get to work on untangling them.
    
    I can't see any reason to restrict the return value in the interface...
    
    > 
    > Furthermore, will the meanings for the errnos (such as EACCES) still
    > have the same meaning in the man pages with MAC as they do w/o MAC?
    > 
    
    Probably not, but again, the modifications will be module specific.
    Perhaps a document that details the when and how of return codes should
    be part of the module documentation... outside the scope of the interface,
    imho.
    
    > I have opinions on this, but it's off-topic and therefore I won't
    > respond.  (If anyone cares, I'll mail them directly.)
    
    You're welcome at lsm-discussionat_private ... which is designed
    for "off-topic" but "related" discussions.
    
    > 
    > --steve
    > > 
    
    J. Melvin Jones
    
    |>------------------------------------------------------
    ||  J. MELVIN JONES            jmjonesat_private 
    |>------------------------------------------------------
    ||  Microcomputer Systems Consultant  
    ||  Software Developer
    ||  Web Site Design, Hosting, and Administration
    ||  Network and Systems Administration
    |>------------------------------------------------------
    ||  http://www.jmjones.com/
    |>------------------------------------------------------
    
    
    
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Mon Jul 23 2001 - 12:26:35 PDT