Re: File descriptors: LSM should support them in phase 1.

From: richard offer (offerat_private)
Date: Fri Aug 03 2001 - 17:33:18 PDT

  • Next message: jmjonesat_private: "Re: Making forward progress"

    * frm crispinat_private "07/24/01 16:18:57 -0700" | sed '1,$s/^/* /'
    * 
    * 
    * Seth said (paraphrasing) "to support Solar Designer stdin/out/error
    * special handling hack."  These appear to be substantially the same issue.
    * 
    * Main obstacle:  Solar is not on this list.  In private mail, Solar said
    * that he likes the project, but that he doesn't have time for another
    * mailing list.
    * 
    * So how about someone who is motivated to get fd's into the LSM patch
    * (either SGI or someone else) port some subset of the Solar Designer patch
    * to the LSM+fd parms.  We will then have a very well motivated example in
    * hand should anyone in linux kernel space question this decision.
    
    I've spent the last week trying to do this (Casey doesn't know exactly how
    much time I wasted on this instead of what I should have been doing so lets
    not tell him).
    
    I'm out of time and am giving up (for the time being)
    
        1) The solar designer port is for 2.2
    
        2) It works by intercepting the fds at exec time, so passing fd to (for
    example) the read hook isn't going to help using their existing
    implementation.
    
        3) Adding a open()/close() (or possibly post_*) hook to check for the
    special fds is right out as that isn't going to get past Greg :-)
    
    If anyone has any suggested alternative implementations I'll try to fit in
    some more work on it.
    
    I'm guessing that about kills any chance of getting the fd parameters into
    phase I :-( 
    
    Of course that wont stop us trying :-)
    
    * Crispin
    
    richard.
    
    -----------------------------------------------------------------------
    Richard Offer                     Technical Lead, Trust Technology, SGI
    "Specialization is for insects"
    _______________________________________________________________________
    
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Fri Aug 03 2001 - 17:34:33 PDT