Re: Possible system call interface for LSM

From: richard offer (offerat_private)
Date: Thu Aug 09 2001 - 09:42:58 PDT

  • Next message: jmjonesat_private: "Re: Possible system call interface for LSM"

    * frm sarnoldat_private "08/09/01 09:31:16 -0700" | sed '1,$s/^/* /'
    *
    * On Thu, Aug 09, 2001 at 08:50:46AM -0700, richard offer wrote:
    *> In light of that case does it make sense to change the prototype from 
    *> 
    *>     int  (* syscall)        (int cmd, char *data, int length);
    *> 
    *> to
    *>     int  (* syscall)        (int cmd, int copy_flag, void *data, int
    *> * length);
    *> 
    *> 
    *> I personally would rather have length pass by value than reference.
    *> 
    *> 
    *> with copy_flag either DATA_IS_USER_SPACE or DATA_IS_KERNEL_SPACE ? (ToDo:
    *> make up better names)
    * 
    * Please forgive my ignorance, but is it common for kernel space to call
    * syscalls? (The gist of my question is actually aimed at a specific
    * point: why would the pointers in the arguments to this syscall ever be
    * kernel space?)
    
    Its only common for those policies like SELinux that use system call
    interposition. How common is this method ? I don't know.
    
    * 
    *> It seems that the general case would be to copy data (so removing the
    *> code seems like a bad idea), SELinux has specific requirements where
    *> that would cause a significant problem, so lets let them not have to
    *> copy when they don't want too.
    * 
    * Hmm. My initial reaction is to suggest just copying the pointers about,
    * and let the module handle copy_from_user and copy_to_user. If SELinux
    * wants the original pointers, it is possible someone else will want the
    * original pointers too.
    
    If the answer to the first question is is no, then doing the user copy
    makes sense. If its yes, then there is still some benefit in consoldation
    of code, and not having every module have to write more boiler plate. There
    is too much already (it would be nice to have the structures ifdef'ed in
    security.c so that its possible to #include the file in another policy file
    and simply pick-n-mix the hooks (if for example all you wanted to do was
    hook the binprm handlers)).
    
    
    The argument for "if one policy wants it then other will" didn't work for
    fds.
    
    richard.
    
    -----------------------------------------------------------------------
    Richard Offer                     Technical Lead, Trust Technology, SGI
    "Specialization is for insects"
    _______________________________________________________________________
    
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Thu Aug 09 2001 - 09:43:37 PDT