> -----Original Message----- > From: linux-security-module-adminat_private > [mailto:linux-security-module-adminat_private]On Behalf Of Stephen > Smalley > Sent: Saturday, September 01, 2001 12:23 AM > To: Lachlan McIlroy > Cc: linux-security-moduleat_private > Subject: Re: patch to add hook to sys_prctl > > > > On Fri, 31 Aug 2001, Lachlan McIlroy wrote: > > > Attached is a patch to add a hook into sys_prctl(). The > > unsigned long args can be user pointers so we will need > > to be careful when handling those. > > > > Any comments/feedback...? > > As with fcntl and ioctl, we should probably have an explicit comment > in security.h warning that the arg parameters may be user > space pointers > and should not be used by the module in that case. Agreed, patch is attached. > > It also seems that we should take advantage of this prctl hook > to move the PR_GET_KEEPCAPS and PR_SET_KEEPCAPS code into the > capabilities module, where it belongs. What do others think? I think this is a good idea. Would we also remove the 'keep_capabilities' field from the task structure and move it into the security blob? > > -- > Stephen D. Smalley, NAI Labs > ssmalleyat_private > > > > > > _______________________________________________ > linux-security-module mailing list > linux-security-moduleat_private > http://mail.wirex.com/mailman/listinfo/linux-security-module > --- Lachlan McIlroy Phone: +61 3 9596 4155 Trusted Linux Fax: +61 3 9596 2960 Adacel Technologies Ltd www.adacel.com
This archive was generated by hypermail 2b30 : Tue Sep 04 2001 - 22:45:40 PDT