sorry for long lag on this thread. * Stephen Smalley (sdsat_private) wrote: > > This looks good. I think that doing the continue is the right course > of action. Also, I suppose that we could remove the name parameter > from the init_module hook, since it is redundant with the module > parameter. below is patch that changes delete_module hook to use struct module and removes the redundant name field from init_module. > Adding a security field to the module structure might be interesting, > but I'm not sure what the basis for determining the tag would be. > When we looked at kernel modules for SELinux, we originally hoped > to perform a permission check based on the label of the file from > which the module was stored (to check its integrity), but the file > doesn't seem to be available to the kernel since the utility handles the > loading. I suppose you might do some kind of tagging based on a hash > of the module. i'm not sure either. it seems like the information should be available, since the userland program that does the create_module and init_module had to open a file to read in module and build module struct. of course, if we leave it up to userland to report which file it opened...the program could always lie ;-( at any rate, if this looks ok, i'll commit tomorrow. -chris
diff -Nru a/include/linux/security.h b/include/linux/security.h
--- a/include/linux/security.h Thu Oct 4 18:37:05 2001
+++ b/include/linux/security.h Thu Oct 4 18:37:05 2001
@@ -1650,7 +1650,6 @@
 /**
  * init_module - check permission when initializing a module
- * @name: module name
  * @mod: the module
  *
  * called: sys_init_module <kernel/module.c>
@@ -1660,20 +1659,21 @@
  * Check permission before initializing a kernel module.
  * Return 0 if permission is granted.
  */
- int (* init_module) (const char *name, struct module *mod);
+ int (* init_module) (struct module *mod);
 /**
  * delete_module - check permission when removing a module
- * @name: module name
+ * @mod: module being deleted
  *
  * called: sys_delete_module <kernel/module.c>
  *
  * lock: The big kernel lock is held.
+ * lock: unload_lock is held.
  *
  * Check permission before removing a kernel module.
  * Return 0 if permission is granted.
  */
- int (* delete_module) (const char *name);
+ int (* delete_module) (const struct module *mod);
 };
 /**
diff -Nru a/kernel/module.c b/kernel/module.c
--- a/kernel/module.c Thu Oct 4 18:37:05 2001
+++ b/kernel/module.c Thu Oct 4 18:37:05 2001
@@ -505,7 +505,7 @@
 }
 /* check that we have permission to do this */
- error = security_ops->module_ops->init_module(name, mod);
+ error = security_ops->module_ops->init_module(mod);
 if (error)
 goto err3;
 error = -EINVAL;
@@ -619,13 +619,6 @@
 if ((error = get_mod_name(name_user, &name)) < 0)
 goto out;
- /* check that we have permission to do this */
- error = security_ops->module_ops->delete_module(name);
- if (error) {
- put_mod_name(name);
- goto out;
- }
-
 error = -ENOENT;
 if ((mod = find_module(name)) == NULL) {
 put_mod_name(name);
@@ -638,6 +631,12 @@
 spin_lock(&unload_lock);
 if (!__MOD_IN_USE(mod)) {
+ /* check that we have permission to do this */
+ error = security_ops->module_ops->delete_module(mod);
+ if (error) {
+ spin_unlock(&unload_lock);
+ goto out;
+ }
 mod->flags |= MOD_DELETED;
 spin_unlock(&unload_lock);
 free_module(mod, 0);
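Review bot: The added `* lock: unload_lock is held.` line should say what kind of lock that is, because the kernel/module.c hunk at -638 takes it with spin_lock(), which means an LSM's delete_module implementation runs in atomic context and must not sleep; suggest `* lock: unload_lock (a spinlock) is held; the hook must not sleep.` The doc block still keeps `* lock: The big kernel lock is held.` directly above, so the two lock lines would read better merged into one. It would also help to state that on the automatic-reaping path (kernel/module.c hunk at -666) a non-zero return only skips that module and is never reported to the caller, since `Return 0 if permission is granted.` suggests the error is always propagated. The enclosing struct definition starts outside the hunk.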
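Review bot: The delete_module hook is now called with `unload_lock` held, and the first context line of the hunk shows that lock is taken with spin_lock(), so an LSM implementing the hook runs in atomic context and must not sleep; the added comment here and in the hunk at -666 of this file should say so, e.g. `/* check that we have permission to do this; unload_lock is held, so the hook must not sleep */`. The check also moves from before find_module (hunk at -619) to after the existence test, so a caller the hook would deny can now observe -ENOENT for an unknown name (and presumably the in-use result from the else branch) before being refused; that is probably acceptable since the module list is generally readable anyway, but it is a behaviour change the commit message should mention. If the name obtained from get_mod_name is still live here, the new error path also needs the `put_mod_name(name)` that the removed code had — the -619 context releases it on the find_module failure path, and I cannot see whether the success path releases it before the spin_lock. sys_delete_module's body starts and ends outside the hunk.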
@@ -666,6 +665,13 @@
 spin_unlock(&unload_lock);
 mod->flags &= ~MOD_VISITED;
 } else {
+ /* check that we have permission to do this
+ * an error is not propagated if perm fails
+ */
+ if (security_ops->module_ops->delete_module(mod)) {
+ spin_unlock(&unload_lock);
+ continue;
+ }
 mod->flags |= MOD_DELETED;
 spin_unlock(&unload_lock);
 free_module(mod, 1);
diff -Nru a/security/capability_plug.c b/security/capability_plug.c
--- a/security/capability_plug.c Thu Oct 4 18:37:05 2001
+++ b/security/capability_plug.c Thu Oct 4 18:37:05 2001
@@ -914,13 +914,12 @@
 return 0;
 }
-static int cap_module_init_module (const char *name_user,
- struct module *mod_user)
+static int cap_module_init_module (struct module *mod_user)
 {
 return 0;
 }
-static int cap_module_delete_module (const char *name_user)
+static int cap_module_delete_module (const struct module *mod)
 {
 return 0;
 }
diff -Nru a/security/dummy.c b/security/dummy.c
--- a/security/dummy.c Thu Oct 4 18:37:05 2001
+++ b/security/dummy.c Thu Oct 4 18:37:05 2001
@@ -735,13 +735,12 @@
 return 0;
 }
-static int dummy_module_init_module (const char *name_user,
- struct module *mod_user)
+static int dummy_module_init_module (struct module *mod_user)
 {
 return 0;
 }
-static int dummy_module_delete_module (const char *name_user)
+static int dummy_module_delete_module (const struct module *mod)
 {
 return 0;
 }
_______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
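Review bot: The new cap_module_init_module signature keeps the parameter name `mod_user`, but the caller in the kernel/module.c hunk at -505 passes `mod`, which from the `init_module(name, mod)` call appears to be the kernel-side struct module rather than the user-space pointer the `_user` suffix implies; renaming it to `mod`, as cap_module_delete_module already does in the same hunk, avoids misleading future implementers about whether the pointer may be dereferenced directly. The same applies to dummy_module_init_module in the security/dummy.c hunk. Both stub functions are complete within their hunks.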