RE: quotactl hook

• Previous message: Greg KH: "2001_09_04 patch against 2.4.9"
• In reply to: Chris Wright: "Re: quotactl hook"
• Next in thread: Chris Wright: "Re: quotactl hook"
• Next in thread: jmjonesat_private: "Re: quotactl hook"
• Reply: Chris Wright: "Re: quotactl hook"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> -----Original Message-----
> From: linux-security-module-adminat_private
> [mailto:linux-security-module-adminat_private]On Behalf Of 
> Chris Wright
> Sent: Wednesday, September 05, 2001 8:44 AM
> To: linux-security-moduleat_private
> Subject: Re: quotactl hook
> 
> 
> * jmjonesat_private (jmjonesat_private) wrote:
> > 
> > Please note that I do NOT believe EVERYTHING possible needs to be
> > addressed explicitly in the LSM interface.  I *do* believe 
> that everything
> > *noted here* needs to be evaluated fairly deeply before we 
> abandon support
> > in favor of the the "smallest/least intrusive" method.  If there's a
> > mechanism already existing "below the surface" to implement, then
> > rejection is appropriate. 
> 
> if you can show me that the authoritative patch fundamentally provides
> features that you can not produce currently than i'm 
> convinced.  if in your
> module you use the capable hook as an in-kernel override mechanism
> (return 0 from your module's capable implementation), then you will
> always trigger the restrictive lsm hook.  i have not done a full look
> at the hooks, but can you cite specific kernel code where this won't
> work? (the obvious would be in-kernel check that is not coupled with a
> call to capable).  if you care about the result from the 
> in-kernel check
> it is really boolean, the kernel code doesn't conditionally set the
> error return code based on what part of in-kernel check failed[1].
> so if you call into module via capable you know you failed 
> the in-kernel
> logic, otherwise you passed it...audit accordingly.
Actually you can't be guaranteed that the capable call
will only be called if the in-kernel logic fails.  Take a
look at sys_setgid() and sys_setuid().  Fortunately for
us the hook is called first but others may still have a
problem.
> 
> -chris
> 
> p.s. here are some interesting statistics based on the 
> current ChangeSet
> (1.185) versus the 2.4.9 vanilla kernel.  the authoritative one is
> basicall Stephen's recent repost of his authoritative patch ported
> forward to 1.185:
> 
> autoritative	patch size (bytes)	lines removed	lines added
> NO		187974			313		2944
> YES		194120			357		3000
> 
With all the fuss I thought there would have been a
bigger difference.
> _______________________________________________
> linux-security-module mailing list
> linux-security-moduleat_private
> http://mail.wirex.com/mailman/listinfo/linux-security-module
> 
---
Lachlan McIlroy                    Phone: +61 3 9596 4155
Trusted Linux                        Fax: +61 3 9596 2960
Adacel Technologies Ltd                    www.adacel.com




_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module

• Next message: Chris Wright: "Re: quotactl hook"
• Previous message: Greg KH: "2001_09_04 patch against 2.4.9"
• In reply to: Chris Wright: "Re: quotactl hook"
• Next in thread: Chris Wright: "Re: quotactl hook"
• Next in thread: jmjonesat_private: "Re: quotactl hook"
• Reply: Chris Wright: "Re: quotactl hook"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Sep 04 2001 - 18:07:49 PDT