James Morris wrote:
> Indeed!
>
> So, this means that we can't have ioctl() hooks that need to validate user
> data anywhere other than the point where the user data is normally copied
> from userspace.
>

OK, but how many hooks do we want? Minimal, correct?

Looking at ioctl.c, there are three get_user() calls. Do we call a hook so an LSM can check what the process is trying to do, or are these cases where the generic ioctl() hook is sufficient?

The secondary question is how do we decide what any future LSM might need to verify as far as user-space data is concerned? I don't think we want three ioctl() hooks in ioctl.c, plus the several others in TCP, Multicast, etc. Which ioctls() get their own hook, then?

Not that I disagree entirely with your concern, but we need to achieve some consensus as to which hooks are absolutely necessary. Do the net device ioctls need more fine-grained control than the TCP, etc. ioctls?

--
Wayne Salamon
wsalamonat_private

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
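The point quoted above, that a hook which validates user data anywhere other than where the kernel copies that data in is racy, is illustrated by the following added example. It is not code from this thread or from the LSM tree: it is a user-space C simulation in which `sim_copy_from_user`, the `ioctl_arg` layout, the hook names and the `race` flag (which stands in for a second thread rewriting the argument between two fetches) are all constructed for the demonstration. The first handler lets its hook re-fetch the argument from user memory and then copies it again; the second copies once and hands the kernel-side copy to the hook.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed stand-in for an ioctl argument block passed by pointer. */
struct ioctl_arg {
    uint32_t flags;
    uint32_t len;
};

#define FLAG_PRIVILEGED 0x1u   /* hypothetical bit the hook must refuse */

/* Simulated copy_from_user(): in this demo it is a plain memcpy. */
static int sim_copy_from_user(void *dst, const void *user, size_t n)
{
    memcpy(dst, user, n);
    return 0;
}

/* Hook style A (assumed): validates the kernel's own copy of the argument. */
static int hook_check_kernel_copy(const struct ioctl_arg *karg)
{
    return (karg->flags & FLAG_PRIVILEGED) ? -1 : 0;   /* -1 stands for -EPERM */
}

/* Hook style B (assumed): re-fetches the argument from user memory itself. */
static int hook_refetch_user(const void *user)
{
    struct ioctl_arg tmp;
    sim_copy_from_user(&tmp, user, sizeof tmp);
    return (tmp.flags & FLAG_PRIVILEGED) ? -1 : 0;
}

/*
 * Handler that calls the re-fetching hook and then copies the argument
 * again for its own use: two fetches of the same user memory.
 * Returns -1 if the hook refused, 1 if the privileged path ran, 0 otherwise.
 */
int handle_ioctl_refetch(struct ioctl_arg *user, bool race)
{
    if (hook_refetch_user(user) != 0)
        return -1;
    if (race)                           /* simulated concurrent writer */
        user->flags |= FLAG_PRIVILEGED;
    struct ioctl_arg karg;
    sim_copy_from_user(&karg, user, sizeof karg);
    return (karg.flags & FLAG_PRIVILEGED) ? 1 : 0;
}

/*
 * Handler that copies once, at the normal get_user()/copy_from_user() point,
 * and validates that copy: a later change to user memory cannot matter.
 */
int handle_ioctl_single_copy(struct ioctl_arg *user, bool race)
{
    struct ioctl_arg karg;
    sim_copy_from_user(&karg, user, sizeof karg);
    if (race)                           /* same simulated writer, same timing */
        user->flags |= FLAG_PRIVILEGED;
    if (hook_check_kernel_copy(&karg) != 0)
        return -1;
    return (karg.flags & FLAG_PRIVILEGED) ? 1 : 0;
}

/* Drivers that build a fresh, unprivileged argument and run each handler. */
int run_refetch_demo(bool race)
{
    struct ioctl_arg user = { 0, 16 };
    return handle_ioctl_refetch(&user, race);
}

int run_single_copy_demo(bool race)
{
    struct ioctl_arg user = { 0, 16 };
    return handle_ioctl_single_copy(&user, race);
}
```

With `race` set, `run_refetch_demo` returns 1: the hook approved one value and the handler acted on another. `run_single_copy_demo` returns 0 under the same interleaving, which is why a hook that needs to see user data has to sit where the copy is made rather than at an arbitrary earlier point.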
This archive was generated by hypermail 2b30 : Tue Jul 24 2001 - 10:47:27 PDT