Re: Possible system call interface for LSM

• Previous message: Seth Arnold: "Re: Possible system call interface for LSM"
• In reply to: Seth Arnold: "Re: Possible system call interface for LSM"
• Next in thread: Stephen Smalley: "Re: Possible system call interface for LSM"
• Next in thread: David Wagner: "Re: Possible system call interface for LSM"
• Next in thread: richard offer: "Re: Possible system call interface for LSM"
• Next in thread: jmjonesat_private: "Re: Possible system call interface for LSM"
• Reply: Stephen Smalley: "Re: Possible system call interface for LSM"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* frm sarnoldat_private "08/09/01 09:31:16 -0700" | sed '1,$s/^/* /'
*
* On Thu, Aug 09, 2001 at 08:50:46AM -0700, richard offer wrote:
*> In light of that case does it make sense to change the prototype from 
*> 
*>     int  (* syscall)        (int cmd, char *data, int length);
*> 
*> to
*>     int  (* syscall)        (int cmd, int copy_flag, void *data, int
*> * length);
*> 
*> 
*> I personally would rather have length pass by value than reference.
*> 
*> 
*> with copy_flag either DATA_IS_USER_SPACE or DATA_IS_KERNEL_SPACE ? (ToDo:
*> make up better names)
* 
* Please forgive my ignorance, but is it common for kernel space to call
* syscalls? (The gist of my question is actually aimed at a specific
* point: why would the pointers in the arguments to this syscall ever be
* kernel space?)

Its only common for those policies like SELinux that use system call
interposition. How common is this method ? I don't know.

* 
*> It seems that the general case would be to copy data (so removing the
*> code seems like a bad idea), SELinux has specific requirements where
*> that would cause a significant problem, so lets let them not have to
*> copy when they don't want too.
* 
* Hmm. My initial reaction is to suggest just copying the pointers about,
* and let the module handle copy_from_user and copy_to_user. If SELinux
* wants the original pointers, it is possible someone else will want the
* original pointers too.

If the answer to the first question is is no, then doing the user copy
makes sense. If its yes, then there is still some benefit in consoldation
of code, and not having every module have to write more boiler plate. There
is too much already (it would be nice to have the structures ifdef'ed in
security.c so that its possible to #include the file in another policy file
and simply pick-n-mix the hooks (if for example all you wanted to do was
hook the binprm handlers)).


The argument for "if one policy wants it then other will" didn't work for
fds.

richard.

-----------------------------------------------------------------------
Richard Offer                     Technical Lead, Trust Technology, SGI
"Specialization is for insects"
_______________________________________________________________________


_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module

• Next message: jmjonesat_private: "Re: Possible system call interface for LSM"
• Previous message: Seth Arnold: "Re: Possible system call interface for LSM"
• In reply to: Seth Arnold: "Re: Possible system call interface for LSM"
• Next in thread: Stephen Smalley: "Re: Possible system call interface for LSM"
• Next in thread: David Wagner: "Re: Possible system call interface for LSM"
• Next in thread: richard offer: "Re: Possible system call interface for LSM"
• Next in thread: jmjonesat_private: "Re: Possible system call interface for LSM"
• Reply: Stephen Smalley: "Re: Possible system call interface for LSM"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Aug 09 2001 - 09:43:37 PDT