Re: Problems with some of the current hooks

From: David Wagner (dawat_private)
Date: Fri Aug 03 2001 - 11:38:48 PDT


    Stephen Smalley wrote:
    >file_ops->ioctl and file_ops->fcntl take a generic arg parameter that
    >can be a user space pointer, but it can also be a simple integer
    >value.  For example, a fcntl(fd, F_SETFL, arg) request passes the new
    >descriptor flags as a simple integer in the arg parameter.  SELinux
    >uses this value to determine if the process is trying to clear the
    >O_APPEND flag on a file, and verifies that the process is allowed to
    >write to the file in that case (since SELinux may have only granted
    >the process append permission when the file was originally opened).
    >So it seems desirable to pass this parameter, but we should add a note
    >in security.h warning module writers that if this parameter is a
    >pointer (as opposed to a simple value), then it is a user space
    >pointer.  FIX:  Add a comment to security.h.
    
    Doesn't this introduce a race condition (time-of-check-to-time-of-use
    vulnerability), if the module ever dereferences the user pointer?  Am
    I missing something?
    
    



    This archive was generated by hypermail 2b30 : Fri Aug 03 2001 - 11:59:27 PDT
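
The race asked about in the message above, as an added example that is not part of the original post or of any LSM code: a hook that dereferences a user pointer for its check, while the operation reads the same memory again afterwards. `struct req`, `APPEND_FLAG` and the `racer` callback are hypothetical; the callback stands in deterministically for a second thread, and `memcpy` stands in for the kernel's `copy_from_user()`.

```c
#include <stdio.h>
#include <string.h>

#define APPEND_FLAG 0x400            /* constructed stand-in for O_APPEND */

/* Hypothetical request structure that lives in user memory. */
struct req { int flags; };

/* Models a second thread rewriting user memory between check and use. */
typedef void (*racer_fn)(struct req *user);
static void clear_append(struct req *user) { user->flags &= ~APPEND_FLAG; }

/* Policy from the thread: an append-only opener may not clear O_APPEND. */
static int policy_allows(int flags) { return (flags & APPEND_FLAG) != 0; }

/* Racy: the hook reads user memory for the check, the operation reads it again. */
int racy_set_flags(struct req *user, racer_fn racer, int *applied)
{
    if (!policy_allows(user->flags))  /* fetch 1: time of check */
        return -1;
    if (racer) racer(user);           /* window: user memory changes */
    *applied = user->flags;           /* fetch 2: time of use */
    return 0;
}

/* Single fetch: copy once, then check and use the same private copy. */
int safe_set_flags(struct req *user, racer_fn racer, int *applied)
{
    struct req k;
    memcpy(&k, user, sizeof k);       /* stands in for copy_from_user() */
    if (!policy_allows(k.flags))
        return -1;
    if (racer) racer(user);           /* later changes no longer matter */
    *applied = k.flags;
    return 0;
}

int main(void)
{
    struct req a = { APPEND_FLAG }, b = { APPEND_FLAG };
    int ra = 0, rb = 0;
    racy_set_flags(&a, clear_append, &ra);
    safe_set_flags(&b, clear_append, &rb);
    printf("racy applied O_APPEND=%d, single-fetch applied O_APPEND=%d\n",
           (ra & APPEND_FLAG) != 0, (rb & APPEND_FLAG) != 0);
    return 0;
}
```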