Hi, Since it has been proven that the version field of the struct security_operations is useless (it doesn't catch the problem of not defining a hook, and no other in kernel api has a version number), here's a patch that removes it from the code. Any objections to committing this? thanks, greg k-h
diff --minimal -Nru a/include/linux/security.h b/include/linux/security.h
--- a/include/linux/security.h Tue Oct 30 09:06:51 2001
+++ b/include/linux/security.h Tue Oct 30 09:06:51 2001
@@ -33,10 +33,6 @@
 #include <linux/msg.h>
-/* change these every time the security_operations structure changes */
-#define SECURITY_INTERFACE_VERSION 0x00000101
-#define SECURITY_SCAFFOLD_VERSION "1.0.0"
-
 /*
 * Values used in the task_security_ops calls
 */
@@ -2033,8 +2029,6 @@
 struct nfsctl_arg; /* forward declare to avoid warnings */
 struct security_operations {
- int version;
-
 /**
 * sethostname - check permission when setting the hostname
 * @hostname: new hostname
diff --minimal -Nru a/security/capability_plug.c b/security/capability_plug.c
--- a/security/capability_plug.c Tue Oct 30 09:06:52 2001
+++ b/security/capability_plug.c Tue Oct 30 09:06:52 2001
@@ -1246,8 +1246,6 @@
 };
 static struct security_operations capability_ops = {
- version: SECURITY_INTERFACE_VERSION,
-
 sethostname: cap_sethostname,
 setdomainname: cap_setdomainname,
 reboot: cap_reboot,
diff --minimal -Nru a/security/dummy.c b/security/dummy.c
--- a/security/dummy.c Tue Oct 30 09:06:52 2001
+++ b/security/dummy.c Tue Oct 30 09:06:52 2001
@@ -1069,8 +1069,6 @@
 };
 struct security_operations dummy_security_ops = {
- version: SECURITY_INTERFACE_VERSION,
-
 sethostname: dummy_sethostname,
 setdomainname: dummy_setdomainname,
 reboot: dummy_reboot,
diff --minimal -Nru a/security/security.c b/security/security.c
--- a/security/security.c Tue Oct 30 09:06:51 2001
+++ b/security/security.c Tue Oct 30 09:06:51 2001
@@ -18,6 +18,8 @@
 #include <linux/sched.h>
 #include <linux/security.h>
+#define SECURITY_SCAFFOLD_VERSION "1.0.0"
+
 extern struct security_operations dummy_security_ops; /* lives in dummy.c */
 struct security_operations *security_ops; /* Initialized to NULL */
@@ -54,19 +56,11 @@
 return -EINVAL;
 }
- /* verify the version of the structure */
- if (ops->version != SECURITY_INTERFACE_VERSION) {
- printk (KERN_INFO "Mismatched version of security_operation "
- "structure used, " __FUNCTION__ " failed.\n");
- return -EINVAL;
- }
-
 /* Perform a little sanity checking on our inputs */
 err = 0;
 /* This first check scans the whole security_ops struct for
- * missing structs or functions. The ops->version could pose
- * a problem since it's just an int.
+ * missing structs or functions.
 */
 VERIFY_STRUCT(struct security_operations, ops, err);
@@ -119,10 +113,9 @@
 * value passed to this function. A call to unregister_security() should be
 * done to remove this security_options structure from the kernel.
 *
- * If the @ops structure is the incorrect version (a module compiled against
- * the wrong kernel version) or there is already a security module registered
- * with the kernel, an error will be returned. Otherwise 0 is returned on
- * success.
+ * If the @ops structure does not contain function pointers for all hooks in
+ * the structure, or there is already a security module registered with the
+ * kernel, an error will be returned. Otherwise 0 is returned on success.
 */
 int register_security (struct security_operations *ops)
 {
_______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
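Review bot: In security/security.c, the -54,19 hunk leaves `VERIFY_STRUCT(struct security_operations, ops, err)` as the only validation of the caller-supplied @ops, and the rewritten kernel-doc in the -119,10 hunk now reads as if that scan for missing pointers were a complete check. VERIFY_STRUCT is defined outside this patch, but going by its comment ("scans the whole security_ops struct") it is presumably sized by the kernel's own definition of the structure, so a module built against a header with a different hook list could be read past its end or have a stray non-NULL word accepted as a hook. The removed version field did not catch that reliably either, so the request is for documentation only: add a line to the register_security() comment such as `* Structure layout is not checked; @ops must be built against this kernel's <linux/security.h>.` The function containing the removed check and the body of register_security() both lie outside the hunks shown.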