The patch below proposes moving the unix_may_send socket hook in unix_dgram_sendmsg() to a point after the dead/dying peer detection logic in the main kernel. It is not uncommon for a process to try and send to a connected dead peer socket (e.g. calling syslog() while syslogd is being restarted), and moving the hook prevents the need to try and perform the detection logic in an LSM module (which won't really work properly anyway). - James -- James Morris <jmorrisat_private> diff -urN lsm-w1.orig/net/unix/af_unix.c lsm-w1/net/unix/af_unix.c --- lsm-w1.orig/net/unix/af_unix.c Fri Aug 31 12:06:05 2001 +++ lsm-w1/net/unix/af_unix.c Mon Sep 10 01:17:48 2001 @@ -1225,11 +1225,6 @@ if (!unix_may_send(sk, other)) goto out_unlock; - err = security_ops->socket_ops->unix_may_send(sk->socket, - other->socket); - if (err) - goto out_unlock; - if (other->dead) { /* * Check with 1003.1g - what should @@ -1259,6 +1254,11 @@ err = -EPIPE; if (other->shutdown&RCV_SHUTDOWN) + goto out_unlock; + + err = security_ops->socket_ops->unix_may_send(sk->socket, + other->socket); + if (err) goto out_unlock; if (unix_peer(other) != sk && _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Sun Sep 09 2001 - 09:08:59 PDT