RE: File descriptors: LSM should support them in phase 1.

From: Matt Block (mattat_private)
Date: Sat Aug 04 2001 - 10:01:50 PDT

  • Next message: Matt Block: "RE: File descriptors: LSM should support them in phase 1."

    Is anyone from GR Security on the list?  GRSEC has ported Solar's work
    to 2.4, and may be able to offer some code.
      -- Matt
    -----Original Message-----
    From: linux-security-module-adminat_private
    [mailto:linux-security-module-adminat_private] On Behalf Of richard
    Sent: Friday, August 03, 2001 8:33 PM
    To: linux-security-moduleat_private
    Subject: Re: File descriptors: LSM should support them in phase 1.
    * frm crispinat_private "07/24/01 16:18:57 -0700" | sed '1,$s/^/* /'
    * Seth said (paraphrasing) "to support Solar Designer stdin/out/error
    * special handling hack."  These appear to be substantially the same
    * Main obstacle:  Solar is not on this list.  In private mail, Solar
    * that he likes the project, but that he doesn't have time for another
    * mailing list.
    * So how about someone who is motivated to get fd's into the LSM patch
    * (either SGI or someone else) port some subset of the Solar Designer
    * to the LSM+fd parms.  We will then have a very well motivated example
    * hand should anyone in linux kernel space question this decision.
    I've spent the last week trying to do this (Casey doesn't know exactly
    how much time I wasted on this instead of what I should have been doing
    so lets not tell him).
    I'm out of time and am giving up (for the time being)
        1) The solar designer port is for 2.2
        2) It works by intercepting the fds at exec time, so passing fd to
    example) the read hook isn't going to help using their existing
        3) Adding a open()/close() (or possibly post_*) hook to check for
    the special fds is right out as that isn't going to get past Greg :-)
    If anyone has any suggested alternative implementations I'll try to fit
    in some more work on it.
    I'm guessing that about kills any chance of getting the fd parameters
    into phase I :-( 
    Of course that wont stop us trying :-)
    * Crispin
    Richard Offer                     Technical Lead, Trust Technology, SGI
    "Specialization is for insects"
    linux-security-module mailing list linux-security-moduleat_private
    linux-security-module mailing list

    This archive was generated by hypermail 2b30 : Sat Aug 04 2001 - 10:02:41 PDT