On Wed, Sep 12, 2001 at 03:08:54PM -0400, Chris Vance wrote: > > Another patch, adding additional documentation to the security.h file. > This patch includes documentation for sockets and the rest of the IPC > hooks. > > If there are no issues, Stephen can commit this patch. > > chris. Chris, this is mostly very good, but there are some issues, mostly of the cut-n-paste variety. :) Thanks! :) > + /** > + * recvmsg - check permission when receiving messages from this socket > + * @sock: socket structure > + * @msg: message structure > + * @size: size of message structure XXX needs also @flags > + * > + * called: sock_recvmsg <net/socket.c> > + * > + * Check permission before receiving a message from a socket. > + * Return 0 if permission is granted. > + */ > + int (*recvmsg) (struct socket * sock, struct msghdr * msg, int size, > + int flags); [...] > + /** > + * setsockname - check permission when setting socket options XXX should read "setsockopt" > + * @sock: socket structure > + * @level: protocol level to set options for > + * @optname: name of the option to retrieve > + * > + * called: sys_setsockopt <net/socket.c> > + * > + * Check permissions before retrieving the options associated > + * with socket @sock. Return 0 if permission is granted. > + */ > + int (*setsockopt) (struct socket * sock, int level, int optname); [...] > + /** > + * sock_rcv_skb - check permissions on incoming network packets > + * @sk: sock (not socket) associated with the incoming sk_buff > + * @sk_buff: incoming network data XXX should read "skb" > + * > + * called: tcp_v4_rcv <net/ipv4/tcp_ipv4.c> > + * called: sock_queue_rcv_skb <include/net/sock.h> > + * > + * Check permissions on incoming network packets. This hook is > + * distinct from the network input hooks of ip_security_ops since > + * it is the first time that the incoming sk_buff @skb has been > + * associated with a particular socket, @sk. 
Security modules > + * should not try to dereference @sk->socket if the socket is > + * in a time wait state (@sk->state == TCP_TIME_WAIT), since > + * the @sk refers to a tcp_tw_bucket structure in that case. > + * Also, even if the socket is not in this state, @sk->socket > + * may be NULL, e.g. a newly created server socket for a connection > + * that has not yet been accepted by a process. XXX does this need a note of "return 0 if permission is granted."? > + */ > + int (*sock_rcv_skb) (struct sock * sk, struct sk_buff * skb); [...] > + /** > + * unix_stream_connect - check permissions for Unix domain stream IPC > + * @sock: socket structure > + * @other: peer socket structure > + * > + * called: unix_stream_connect <net/unix/af_unix.c> > + * > + * Check permissions before establishing a Unix domain stream > + * connection between @sock and @other. XXX does this need a note of "return 0 if permission is granted."? > + */ > + int (*unix_stream_connect) (struct socket * sock, > + struct socket * other); > + > + /** > + * unix_may_send - check permissions for Unix domain datagram IPC > + * @sock: socket structure > + * @sock: peer socket structure > + * > + * called: unix_dgram_connect <net/unix/af_unix.> > + * called: unix_dgram_sendmsg <net/unix/af_unix.> > + * > + * Check permissions before connecting or sending datagrams > + * from @sock to @other. XXX does this need a note of "return 0 if permission is granted."? > + */ > + int (*unix_may_send) (struct socket * sock, struct socket * other); > }; [...] 
> + /** > + * msgctl - check permission for shared memory control operations XXX this should read "shmctl" > + * @shp: shared memory structure to be modified > + * @shmid: resource identifier > + * @cmd: operation to be performed > + * > + * called: sys_shmctl <ipc/shm.c> > + * called: sys_shmctl <ipc/shm.c> > + * called: sys_shmctl <ipc/shm.c> > + * called: sys_shmctl <ipc/shm.c> > + * > + * lock: depending on @cmd, shm_lock() may have been called, > + * so there may be a spin_lock held on 'struct shmid_kernel > + * shm_ids' > + * > + * Check permission when a shared memory control operation > + * specified by @cmd is to be performed on the shared memory > + * region @shp, with identifier @shmid. Return 0 if > + * permission is granted. > + */ > + int (* shmctl) (struct shmid_kernel *shp, int shmid, int cmd); [...] > + /** > + * free_security - deallocate security struct for this semaphore > + * @shp: semaphore structure XXX this should read "sma" > + * > + * called: freeary <ipc/sem.c> > + */ > + void (* free_security) (struct sem_array *sma); _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
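Review bot: In the setsockopt hook comment, the @optname description ("name of the option to retrieve") and the body text ("Check permissions before retrieving the options associated with socket @sock") describe a get operation, while the hook is called from sys_setsockopt. Both should describe setting, for example "@optname: name of the option to set" and "Check permissions before setting the options associated with socket @sock".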
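Review bot: In the unix_may_send comment the second parameter is documented as "@sock: peer socket structure", which duplicates @sock; it should be "@other: peer socket structure" to match the prototype and the body text ("from @sock to @other"). Both "called:" lines in the same comment give the file as <net/unix/af_unix.> with the extension missing, where the unix_stream_connect comment just above uses <net/unix/af_unix.c>.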
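Review bot: In the shmctl comment the line "called: sys_shmctl <ipc/shm.c>" appears four times in a row; a single line is enough since the caller and file are identical in each. The "lock:" note in the same comment says shm_lock() may have been called "depending on @cmd" without naming the commands, so a module author cannot tell from the comment when the spin_lock is held; listing the @cmd values for which the lock is taken would make the note usable.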