On Wed, 5 Sep 2001, Lachlan McIlroy wrote:

> > As with fcntl and ioctl, we should probably have an explicit comment
> > in security.h warning that the arg parameters may be user
> > space pointers
> > and should not be used by the module in that case.
> Agreed, patch is attached.

Actually, after I looked at prctl further, it appeared that this warning is
unnecessary, because the prctl call never copies in from an arg parameter.
The arg parameters are only used as simple values or as output pointers,
as with bdflush, so I don't think we need this change.

> > It also seems that we should take advantage of this prctl hook
> > to move the PR_GET_KEEPCAPS and PR_SET_KEEPCAPS code into the
> > capabilities module, where it belongs. What do others think?
> I think this is a good idea. Would we also remove the
> 'keep_capabilities' field from the task structure and
> move it into the security blob?

No. The approach that we have been taking is to leave the
capability-related fields in the kernel data structures (as suggested by
Linus in his original messages on the topic), but move the
capability-related code into the module. This allows the capabilities
logic to evolve separately from the base kernel while still allowing easy
composition of other modules with the capabilities module. If the kernel
developers later advise us to move the capability fields as well into the
security blob, then we can certainly do so.

Also, I should note that there are still a few locations in the kernel
where capabilities are directly examined or manipulated, e.g. sys_access,
nlm_bind_host, nfsd_setuser, task_cap. To completely move the
capabilities field from the kernel data structures, those locations would
also have to be updated. But I think that all of the hardcoded capability
tests have been moved into the module, so the current patch is adequate
for allowing modules to replace the capability logic.

--
Stephen D. Smalley, NAI Labs
ssmalleyat_private
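
Added example, not part of the original message and not code from the LSM patch: a user-space C model of the design discussed above, where the keep_capabilities field stays in the task structure while the PR_GET_KEEPCAPS/PR_SET_KEEPCAPS logic sits behind a replaceable prctl hook that treats arg2 only as a value. The names struct security_ops, task_prctl, strict_task_prctl and model_prctl are assumptions made for this sketch.

```c
#include <errno.h>
#include <stdio.h>

#define PR_GET_KEEPCAPS 7   /* option numbers as in <linux/prctl.h> */
#define PR_SET_KEEPCAPS 8

/* Stand-in for task_struct: the capability field stays in the base structure. */
struct task { int keep_capabilities; };
/* Hypothetical hook table (an assumption of this model, not the LSM layout). */
struct security_ops { int (*task_prctl)(struct task *, int, unsigned long); };

/* Capabilities module: owns the KEEPCAPS logic; arg2 is never dereferenced. */
static int cap_task_prctl(struct task *t, int option, unsigned long arg2)
{
    switch (option) {
    case PR_GET_KEEPCAPS: return t->keep_capabilities;
    case PR_SET_KEEPCAPS:
        if (arg2 > 1) return -EINVAL;      /* only 0 or 1 is meaningful */
        t->keep_capabilities = (int)arg2;
        return 0;
    default: return -ENOSYS;               /* not a capability option */
    }
}

/* Replacement module with different logic: refuses to turn keep-caps on. */
static int strict_task_prctl(struct task *t, int option, unsigned long arg2)
{
    switch (option) {
    case PR_GET_KEEPCAPS: return t->keep_capabilities;
    case PR_SET_KEEPCAPS:
        if (arg2 != 0) return -EPERM;
        t->keep_capabilities = 0;
        return 0;
    default: return -ENOSYS;
    }
}

static const struct security_ops cap_ops = { cap_task_prctl };
static const struct security_ops strict_ops = { strict_task_prctl };

/* Model of the prctl entry point: the base code only dispatches to the hook. */
static int model_prctl(const struct security_ops *ops, struct task *t,
                       int option, unsigned long arg2)
{
    int rc = ops->task_prctl(t, option, arg2);
    return rc == -ENOSYS ? -EINVAL : rc;   /* other options omitted here */
}

int main(void)
{
    struct task t = { 0 };
    printf("cap set:    %d\n", model_prctl(&cap_ops, &t, PR_SET_KEEPCAPS, 1));
    printf("strict get: %d\n", model_prctl(&strict_ops, &t, PR_GET_KEEPCAPS, 0));
    return 0;
}
```

Because both modules read and write the same field in struct task, swapping the module changes the policy without touching the base structure.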
This archive was generated by hypermail 2b30 : Wed Sep 05 2001 - 05:40:41 PDT