Any objections to committing the attached patch, which clears the security fields for inodes and System V IPC objects prior to calling the alloc_security hook. Otherwise, these fields may contain garbage and confuse the module. -- Stephen D. Smalley, NAI Labs ssmalleyat_private
diff -X /home/sds/dontdiff -ru lsm-wirex/fs/inode.c lsm/fs/inode.c
--- lsm-wirex/fs/inode.c Mon Aug 13 08:19:49 2001
+++ lsm/fs/inode.c Thu Sep 6 12:54:00 2001
@@ -81,6 +81,7 @@
 inode = ((struct inode *) kmem_cache_alloc(inode_cachep, SLAB_KERNEL));
 if (!inode)
 return NULL;
+ inode->i_security = NULL;
 if (security_ops->inode_ops->alloc_security(inode)) {
 kmem_cache_free(inode_cachep, (inode));
 return NULL;
diff -X /home/sds/dontdiff -ru lsm-wirex/ipc/msg.c lsm/ipc/msg.c
--- lsm-wirex/ipc/msg.c Tue Sep 4 10:44:17 2001
+++ lsm/ipc/msg.c Thu Sep 6 12:57:57 2001
@@ -99,6 +99,7 @@
 msq->q_perm.mode = (msgflg & S_IRWXUGO);
 msq->q_perm.key = key;
+ msq->q_perm.security = NULL;
 retval = security_ops->msg_queue_ops->alloc_security(msq);
 if (retval) {
 kfree(msq);
@@ -185,6 +186,7 @@
 src = ((char*)src)+alen;
 }
+ msg->security = NULL;
 err = security_ops->msg_msg_ops->alloc_security(msg);
 if (err)
 goto out_err;
diff -X /home/sds/dontdiff -ru lsm-wirex/ipc/sem.c lsm/ipc/sem.c
--- lsm-wirex/ipc/sem.c Tue Sep 4 10:44:17 2001
+++ lsm/ipc/sem.c Thu Sep 6 13:06:59 2001
@@ -132,6 +132,7 @@
 sma->sem_perm.mode = (semflg & S_IRWXUGO);
 sma->sem_perm.key = key;
+ sma->sem_perm.security = NULL;
 retval = security_ops->sem_ops->alloc_security(sma);
 if (retval) {
 ipc_free(sma, size);
diff -X /home/sds/dontdiff -ru lsm-wirex/ipc/shm.c lsm/ipc/shm.c
--- lsm-wirex/ipc/shm.c Tue Sep 4 10:44:17 2001
+++ lsm/ipc/shm.c Thu Sep 6 12:58:15 2001
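Review bot: Nothing at the `inode->i_security = NULL;` site in fs/inode.c states the contract the hook can now rely on, and the failure branch right below it frees the inode with `kmem_cache_free` with no free_security call in view, so a hook that allocates a blob and then fails has to undo that itself. Because the object comes from `kmem_cache_alloc`, the stale value is likely a pointer left by the slot's previous user rather than random bits (unless the cache constructor or the free path clears it, which is not visible here), so a module that tests the field for non-NULL could otherwise follow a dangling pointer. I would add a comment above the assignment such as `/* i_security is NULL on entry to alloc_security; on error the hook must free what it allocated and leave it NULL, the caller only frees the inode */`. The same applies to the `q_perm.security`, `sem_perm.security` and `shm_perm.security` assignments in ipc/msg.c, ipc/sem.c and ipc/shm.c, whose failure branches call `kfree` or `ipc_free` directly. The enclosing functions start and end outside these hunks.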
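Review bot: In the second ipc/msg.c hunk `msg->security = NULL;` is set only after the copy loop that ends at `src = ((char*)src)+alen; }`, so any earlier failure that reaches `out_err` would get there with the field still uninitialised. `out_err` is outside the hunk, so whether its cleanup reads `msg->security` (for example through a free_security hook) cannot be confirmed from here; if it does, it would act on garbage. Moving the assignment to immediately after the allocation of `msg` would give every exit path a defined value. The start of the function and the `out_err` label are both outside the hunk.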
@@ -182,6 +182,7 @@
 shp->shm_perm.key = key;
 shp->shm_flags = (shmflg & S_IRWXUGO);
+ shp->shm_perm.security = NULL;
 error = security_ops->shm_ops->alloc_security(shp);
 if (error) {
 kfree(shp);
_______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module