[PATCH] Clear security fields for inodes and System V IPC objects

From: Stephen Smalley (sdsat_private)
Date: Thu Sep 06 2001 - 10:17:26 PDT


    Are there any objections to committing the attached patch? It clears
    the security fields for inodes and System V IPC objects prior
    to calling the alloc_security hook.  Otherwise, these fields
    may contain garbage and confuse the module.
    
    --
    Stephen D. Smalley, NAI Labs
    ssmalleyat_private
    
    
    
    
    diff -X /home/sds/dontdiff -ru lsm-wirex/fs/inode.c lsm/fs/inode.c
    --- lsm-wirex/fs/inode.c	Mon Aug 13 08:19:49 2001
    +++ lsm/fs/inode.c	Thu Sep  6 12:54:00 2001
    @@ -81,6 +81,7 @@
     	inode = ((struct inode *) kmem_cache_alloc(inode_cachep, SLAB_KERNEL));
     	if (!inode)
     		return NULL;
    +	inode->i_security = NULL;
     	if (security_ops->inode_ops->alloc_security(inode)) {
     		kmem_cache_free(inode_cachep, (inode));
     		return NULL;
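Review bot: The failure branch after the added `inode->i_security = NULL;` releases the inode with kmem_cache_free() and no visible free_security call, so the hook is implicitly required to release anything it attached before returning non-zero; that contract is not stated anywhere in the hunk. A comment above the assignment would record it, e.g. `/* slab memory is not zeroed: hand the module a NULL blob; on failure the hook must have cleaned up after itself */`. The same applies to the msg_queue, sem and shm hunks, which kfree()/ipc_free() the object straight after a failed alloc_security. The enclosing function starts and ends outside the hunk.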
    diff -X /home/sds/dontdiff -ru lsm-wirex/ipc/msg.c lsm/ipc/msg.c
    --- lsm-wirex/ipc/msg.c	Tue Sep  4 10:44:17 2001
    +++ lsm/ipc/msg.c	Thu Sep  6 12:57:57 2001
    @@ -99,6 +99,7 @@
     	msq->q_perm.mode = (msgflg & S_IRWXUGO);
     	msq->q_perm.key = key;
     
    +	msq->q_perm.security = NULL;
     	retval = security_ops->msg_queue_ops->alloc_security(msq);
     	if (retval) {
     		kfree(msq);
    @@ -185,6 +186,7 @@
     		src = ((char*)src)+alen;
     	}
     	
    +	msg->security = NULL;
     	err = security_ops->msg_msg_ops->alloc_security(msg);
     	if (err)
     		goto out_err;
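Review bot: `msg->security = NULL;` is set only after the segment-copy loop, so any exit to `out_err` taken earlier in the function (those paths are outside the hunk) would reach the cleanup code with the field still uninitialized. If that cleanup calls the module's free_security hook, the module is handed a garbage pointer, which is the case this patch is meant to remove. Moving the assignment up to directly after the message is allocated would cover every error path. The allocation and the `out_err` label are not visible here, so this needs checking against the full function.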
    diff -X /home/sds/dontdiff -ru lsm-wirex/ipc/sem.c lsm/ipc/sem.c
    --- lsm-wirex/ipc/sem.c	Tue Sep  4 10:44:17 2001
    +++ lsm/ipc/sem.c	Thu Sep  6 13:06:59 2001
    @@ -132,6 +132,7 @@
     	sma->sem_perm.mode = (semflg & S_IRWXUGO);
     	sma->sem_perm.key = key;
     
    +	sma->sem_perm.security = NULL;
     	retval = security_ops->sem_ops->alloc_security(sma);
     	if (retval) {
     		ipc_free(sma, size);
    diff -X /home/sds/dontdiff -ru lsm-wirex/ipc/shm.c lsm/ipc/shm.c
    --- lsm-wirex/ipc/shm.c	Tue Sep  4 10:44:17 2001
    +++ lsm/ipc/shm.c	Thu Sep  6 12:58:15 2001
    @@ -182,6 +182,7 @@
     	shp->shm_perm.key = key;
     	shp->shm_flags = (shmflg & S_IRWXUGO);
     
    +	shp->shm_perm.security = NULL;
     	error = security_ops->shm_ops->alloc_security(shp);
     	if (error) {
     		kfree(shp);
    
    


