Stephen Smalley wrote:

>file_ops->ioctl and file_ops->fcntl take a generic arg parameter that
>can be a user space pointer, but it can also be a simple integer
>value. For example, a fcntl(fd, F_SETFL, arg) request passes the new
>descriptor flags as a simple integer in the arg parameter. SELinux
>uses this value to determine if the process is trying to clear the
>O_APPEND flag on a file, and verifies that the process is allowed to
>write to the file in that case (since SELinux may have only granted
>the process append permission when the file was originally opened).
>So it seems desirable to pass this parameter, but we should add a note
>in security.h warning module writers that if this parameter is a
>pointer (as opposed to a simple value), then it is a user space
>pointer. FIX: Add a comment to security.h.

Doesn't this introduce a race condition (time-of-check-to-time-of-use
vulnerability), if the module ever dereferences the user pointer?
Am I missing something?

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Fri Aug 03 2001 - 11:59:27 PDT
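The difference between the two cases in the message above, as an added user-space model in C (not code from the thread, the LSM patch or SELinux): the O_APPEND check on a by-value flags argument, and the same check applied to data behind a pointer, once with check and use fetching separately and once with both sharing a single copy. `MAY_WRITE`, `struct user_word`, `fetch_user` and the function names are hypothetical; the scripted `user_word` is a constructed stand-in for user memory that changes between two fetches, and F_SETFL itself passes its flags by value.

```c
#include <fcntl.h>

#define MAY_WRITE 0x1   /* hypothetical permission bit, not a kernel constant */

/* Constructed stand-in for user memory that another thread can rewrite:
 * each fetch returns the next scripted value (the last one repeats). */
struct user_word { int vals[2]; int fetches; };

static int fetch_user(struct user_word *u)
{
    int i = u->fetches < 1 ? u->fetches : 1;
    u->fetches++;
    return u->vals[i];
}

/* The check described in the quoted text: clearing O_APPEND requires
 * write permission. Returns 0 to allow, -1 to deny. */
int check_setfl(int cur_flags, int new_flags, int granted)
{
    int clears_append = (cur_flags & O_APPEND) && !(new_flags & O_APPEND);
    return (clears_append && !(granted & MAY_WRITE)) ? -1 : 0;
}

/* Check and use each fetch from user memory, so the value applied may
 * not be the value checked. Returns the flags applied, or -1 if denied. */
int apply_double_fetch(struct user_word *u, int cur_flags, int granted)
{
    if (check_setfl(cur_flags, fetch_user(u), granted) != 0)
        return -1;
    return fetch_user(u);   /* second fetch: this value was never checked */
}

/* One fetch into a local copy; check and use share that copy. */
int apply_single_copy(struct user_word *u, int cur_flags, int granted)
{
    int snap = fetch_user(u);
    if (check_setfl(cur_flags, snap, granted) != 0)
        return -1;
    return snap;
}
```
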