Re: Problems with some of the current hooks

From: Stephen Smalley (sdsat_private)
Date: Fri Aug 03 2001 - 12:06:36 PDT

  • Next message: Stephen Smalley: "RE: Making forward progress"

    On 3 Aug 2001, David Wagner wrote:
    > Stephen Smalley  wrote:
    > >So it seems desirable to pass this parameter, but we should add a note
    > >in security.h warning module writers that if this parameter is a
    > >pointer (as opposed to a simple value), then it is a user space
    > >pointer.  FIX:  Add a comment to security.h.
    > Doesn't this introduce a race condition (time-of-check-to-time-of-use
    > vulnerability), if the module ever dereferences the user pointer?  Am
    > I missing something?
    The arg parameter isn't always a pointer.  In some cases, it is a simple
    integer value (passed by value, not by reference).  In at least one
    such case (fcntl with F_SETFL), we have a specific example in
    SELinux where the module needs to know that integer value.  So, yes,
    in the cases where the arg parameter is a pointer, I wouldn't
    recommend that the module use it, but I want the module to be
    able to use it when it is a simple value.
    Stephen D. Smalley, NAI Labs
    linux-security-module mailing list

    This archive was generated by hypermail 2b30 : Fri Aug 03 2001 - 12:08:31 PDT