Re: Problems with some of the current hooks

From: richard offer (offerat_private)
Date: Mon Aug 06 2001 - 11:22:13 PDT

  • Next message: jmjonesat_private: "Re: Making forward progress"

    * frm sdsat_private "08/06/01 10:56:14 -0400" | sed '1,$s/^/* /'
    * On Mon, 6 Aug 2001, richard offer wrote:
    *> So that I can decipher the arguments appropriately. For pread we're going
    *> to have to pass the offset, for readv the iovec
    *> And we still have to get fds in there, we need them. 
    * Ok, you're confusing me.  First, you say that you are ok with dropping
    * the separate read/readv/write/writev hooks and just using the permision
    * hook for all of these operations.  Then you say that you want to pass
    * information like the offset and iovec which is specific to particular
    * operations.  If you want specialized arguments, then you want separate
    * hooks.  Then each hook can pass the right set of arguments for
    * the operation, and the module knows where it was called from and
    * the argument values.  I don't think we want a permission hook with
    * an arbitrary number of typeless parameters.
    I thought that was what you were proposing.
    * So, why do you want these parameters?  If you can make the case for them,
    * then I would suggest that you really want separate hooks with specialized
    * arguments rather than the single permission hook.
    You're right, my mistake, I withdraw the argument.
    *> * And
    *> * why exactly do you want separate hooks for readdir and sendfile?
    *> Because they have different enough APIs and usages that I think it would
    *> be worth it. Otherwise the general purpose hook is going to have too many
    *> parameters.
    * Again, the file_ops->permission hook works fine for these operations
    * with only the struct file * and the permissions mask for typical
    * access control modules.
    Yes, but _if_ readdir was a separate hook, then we could get rid of the
    abombination of not having a FD available at the time of that hook call. By
    forcing it to use the same hook, your forcing us to do something ugly which
    everyone agrees is a wart.
    That would make it easier to add FDs, as now we have reduced the number of
    hooks that would need modifying (no read/write etc), and one of the two
    places that was causing a problem has suddenly gone.
    The fact that readdir/getdents exists as distinct system calls and not
    multiplxed through read seems to me that there was some thought that they
    should be handled differently.
    * Stephen D. Smalley, NAI Labs
    * ssmalleyat_private
    Richard Offer                     Technical Lead, Trust Technology, SGI
    "Specialization is for insects"
    linux-security-module mailing list

    This archive was generated by hypermail 2b30 : Mon Aug 06 2001 - 11:23:37 PDT