Attached is a patch that corrects some problems with the handling of Message Queues <ipc/msg.c>. The previous IPC hooks were not enforcing permissions on inline msgrcv operations.

In sys_msgrcv, the previous msgrcv hook was placed prior to the out_success label so that the message wasn't removed from the queue prior to access decisions. If there wasn't a message on the queue, the process could wait for a message to become available (pipelined receive) and possibly jump to a point after the msgrcv hook (the out_success label).

In order to correct this oversight, I removed the test_message hook from testmsg and placed hooks in the two locations that testmsg was being called. To check receive permissions, SELinux needs the task structure for the receiving process. In the simple case, it is the current process; in the pipelined send/receive case, it is the task from the wait queue.

Once these changes were made, the previous msgrcv hook is no longer necessary, so I re-used the msgrcv hook name (with different parameters), to indicate that we really are checking message receive permissions, and no longer testing a single message. Due to the surrounding kernel logic, we lose the security module's return code, but I don't think this is a problem. Opinions?

If there are no objections, I can have Stephen commit this patch tomorrow.

chris.
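
The control-flow gap described in the message above, as an added userland model that is not part of the original message or of the attached patch. All struct and function names are hypothetical, and the label-equality policy is a stand-in for the security module's decision.

```c
#include <stdbool.h>
#include <stddef.h>

/* Userland model only: every name here is hypothetical, not a kernel symbol. */
struct task   { int sid; };                     /* security label of a process */
struct msg    { int sid; long type; };          /* security label of a message */
struct waiter { struct task *tsk; long want; struct msg *got; };

/* Stand-in policy: a task may receive only messages carrying its own label. */
bool may_receive(const struct task *t, const struct msg *m) { return t->sid == m->sid; }

/* Type matching only, as testmsg does once the security hook is moved out. */
bool type_matches(const struct msg *m, long want) { return want == 0 || m->type == want; }

/* Simple case: a message is already queued, so the receiver is the caller. */
struct msg *recv_queued(struct task *cur, struct msg *queued, long want) {
    if (!queued || !type_matches(queued, want)) return NULL;
    if (!may_receive(cur, queued)) return NULL;  /* hook with the current task */
    return queued;
}

/* Pipelined case: the sender hands the message to a sleeping receiver.
 * With check == false this is the old behaviour: the receive hook never runs.
 * With check == true the hook runs against the task from the wait queue.
 * The caller sees only true/false, modelling the lost module return code. */
bool pipelined_send(struct waiter *w, struct msg *m, bool check) {
    if (!type_matches(m, w->want)) return false;
    if (check && !may_receive(w->tsk, m)) return false;
    w->got = m;
    return true;
}

/* Constructed scenario: a receiver labelled 1 sleeps, then a message labelled 2
 * arrives. Returns true if the receiver ends up holding the message. */
bool waiter_gets_foreign_msg(bool check) {
    struct task low = { 1 };
    struct msg secret = { 2, 7 };
    struct waiter w = { &low, 0, NULL };
    pipelined_send(&w, &secret, check);
    return w.got == &secret;
}

/* Same labels, but the message is already queued when the receiver calls in. */
bool queued_foreign_msg_denied(void) {
    struct task low = { 1 };
    struct msg secret = { 2, 7 };
    return recv_queued(&low, &secret, 0) == NULL;
}
```
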
This archive was generated by hypermail 2b30 : Mon Aug 27 2001 - 08:48:26 PDT