RE: Possible system call interface for LSM

From: Lachlan McIlroy (lachlanat_private)
Date: Thu Aug 09 2001 - 18:33:08 PDT

    > -----Original Message-----
    > From: linux-security-module-adminat_private
    > [mailto:linux-security-module-adminat_private]On Behalf Of Seth Arnold
    > Sent: Friday, August 10, 2001 3:59 AM
    > To: linux-security-moduleat_private
    > Subject: Re: Possible system call interface for LSM
    > 
    > 
    > What happens when *length is less than zero?
    Good point.  It would be trivial to check for that case
    and while we're at it we could consider an upper bound
    on the length.
    > 
    > On Thu, Aug 09, 2001 at 10:00:41AM -0700, richard offer wrote:
    > > +int sys_security (int module_id, int cmd, int copy, void 
    > *user_data, int *length)
    > > +{
    > > +	char *kern_data = ( copy ? NULL : user_data );
    > > +	int error = 0;
    > > +
    > > +	/* Make sure application is calling the right module */
    > > +	if (module_id != security_ops->module_id)
    > > +		return -ENOPKG;
    
    if (*length < 0 || *length > LSM_MAX_LEN)
    	return -EINVAL;
    
    > > +
    > > +	if (copy && length && *length) {
    > > +		kern_data = kmalloc(*length, GFP_KERNEL);
    > > +		if (!kern_data) {
    > > +			error = -ENOMEM;
    > > +			goto out;
    > > +		}
    > > +
    > > +		if (copy_from_user(kern_data, user_data, *length)) {
    > > +			error = -EFAULT;
    > > +			goto out;
    > > +		}
    > > +	}
    > > +
    > > +	error = security_ops->syscall(cmd, kern_data, length);
    > > +	if (error)
    > > +		goto out;
    > > +
    > > +	if (copy && length) {
    > > +		if (copy_to_user(user_data, kern_data, *length)) {
    > > +			error = -EFAULT;
    > > +			goto out;
    > > +		}
    > > +	}
    > > +out:
    > > +	if (copy && kern_data)
    > > +		kfree(kern_data);
    > > +
    > > +	return error;
    > > +}
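    Review bot: the copy-out at `copy_to_user(user_data, kern_data, *length)`
    re-reads `*length` after `security_ops->syscall(cmd, kern_data, length)`
    has been handed the same pointer, so nothing ties the number of bytes
    copied out to the size given to `kmalloc(*length, GFP_KERNEL)`. If the
    value is larger by then, the copy reads past the end of kern_data and
    returns adjacent kernel heap to the caller. Read the length once into a
    local, validate it (non-negative and at most a fixed maximum, such as
    the LSM_MAX_LEN proposed in the reply above, which this patch does not
    define), allocate that many bytes, and never copy out more than was
    allocated. Two related points: `length` arrives as a system call
    argument, yet `*length` is dereferenced directly instead of being
    fetched with get_user(); and the only NULL test on `length` is in
    `if (copy && length && *length)`, so a bound check placed above that
    line needs its own NULL guard. As written, a negative `*length` passes
    the non-zero test and is converted to a very large unsigned size for
    kmalloc() and copy_from_user().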
    > 
    > 
    > _______________________________________________
    > linux-security-module mailing list
    > linux-security-moduleat_private
    > http://mail.wirex.com/mailman/listinfo/linux-security-module
    > 
    ---
    Lachlan McIlroy                    Phone: +61 3 9596 4155
    Trusted Linux                        Fax: +61 3 9596 2960
    Adacel Technologies Ltd                    www.adacel.com
    
    
    
    
    


