RE: patch to add hook to sys_prctl

From: Stephen Smalley (sdsat_private)
Date: Wed Sep 05 2001 - 05:38:22 PDT

    On Wed, 5 Sep 2001, Lachlan McIlroy wrote:

    > > As with fcntl and ioctl, we should probably have an explicit comment
    > > in security.h warning that the arg parameters may be user space
    > > pointers and should not be used by the module in that case.
    > Agreed, patch is attached.

    Actually, after I looked at prctl further, it appeared that this
    warning is unnecessary, because the prctl call never copies in
    from an arg parameter.  The arg parameters are only used as simple
    values or as output pointers, as with bdflush, so I don't think
    we need this change.

    > > It also seems that we should take advantage of this prctl hook
    > > to move the PR_GET_KEEPCAPS and PR_SET_KEEPCAPS code into the
    > > capabilities module, where it belongs.  What do others think?
    > I think this is a good idea.  Would we also remove the
    > 'keep_capabilities' field from the task structure and
    > move it into the security blob?

    No.  The approach that we have been taking is to leave the
    capability-related fields in the kernel data structures (as suggested by
    Linus in his original messages on the topic), but move the
    capability-related code into the module.  This allows the capabilities
    logic to evolve separately from the base kernel while still allowing easy
    composition of other modules with the capabilities module.  If the kernel
    developers later advise us to move the capability fields as well into the
    security blob, then we can certainly do so.

    Also, I should note that there are still a few locations in the kernel
    where capabilities are directly examined or manipulated, e.g. sys_access,
    nlm_bind_host, nfsd_setuser, task_cap.  To completely move the
    capabilities field from the kernel data structures, those locations would
    also have to be updated.  But I think that all of the hardcoded capability
    tests have been moved into the module, so the current patch is adequate
    for allowing modules to replace the capability logic.

    Stephen D. Smalley, NAI Labs
    linux-security-module mailing list
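
An added user-space illustration, not part of the original message or of the LSM patch, of the two prctl argument conventions the reply describes: arg2 passed as a plain value (PR_SET_KEEPCAPS, PR_SET_PDEATHSIG) and arg2 passed as an output pointer the kernel only writes through (PR_GET_PDEATHSIG). The function names are this example's own, and it assumes a Linux host.

```c
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/prctl.h>

/* arg2 as a simple value: the kernel range-checks it directly, and the
 * current flag comes back as the syscall return value, so no user memory
 * is read. Returns the flag read back, or -errno if the set was refused. */
static int keepcaps_roundtrip(unsigned long flag)
{
    int seen;

    if (prctl(PR_SET_KEEPCAPS, flag, 0UL, 0UL, 0UL) != 0)
        return -errno;
    seen = prctl(PR_GET_KEEPCAPS, 0UL, 0UL, 0UL, 0UL);
    prctl(PR_SET_KEEPCAPS, 0UL, 0UL, 0UL, 0UL);   /* restore default */
    return seen;
}

/* arg2 as an output pointer: the kernel writes the stored signal number
 * through it and never reads from it. A hook that sees this arg2 has only
 * an address to look at, which is why it must not dereference it.
 * Returns 0 on success, or -errno from the failing call. */
static int pdeathsig_roundtrip(unsigned long sig, int *out)
{
    int rc = 0;

    if (prctl(PR_SET_PDEATHSIG, sig, 0UL, 0UL, 0UL) != 0)
        return -errno;
    if (prctl(PR_GET_PDEATHSIG, (unsigned long)out, 0UL, 0UL, 0UL) != 0)
        rc = -errno;
    prctl(PR_SET_PDEATHSIG, 0UL, 0UL, 0UL, 0UL);  /* restore default */
    return rc;
}

int main(void)
{
    int sig = -1;
    int rc;

    printf("KEEPCAPS set 1, read back: %d\n", keepcaps_roundtrip(1UL));
    printf("KEEPCAPS set 2 (invalid value): %d\n", keepcaps_roundtrip(2UL));
    rc = pdeathsig_roundtrip((unsigned long)SIGUSR1, &sig);
    printf("PDEATHSIG rc=%d, written through pointer: %d\n", rc, sig);
    rc = pdeathsig_roundtrip((unsigned long)SIGUSR1, NULL);
    printf("PDEATHSIG with unwritable output pointer: %d\n", rc);
    return 0;
}
```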
