Re: question about bprm_ops->alloc_security(&bprm)

From: Stephen Smalley (sdsat_private)
Date: Wed Feb 06 2002 - 08:05:09 PST


    On Tue, 5 Feb 2002, Huagang Xie wrote:
    
    > I am trying to port LIDS to LSM right now, and I have run into a problem
    > with the hook in do_execve(): there is alloc_security() that I can
    > use, but since I want to check the envp, the bprm here cannot give me
    > this envp.
    
    > int do_execve(char * filename, char ** argv, char ** envp, struct pt_regs * regs)
    > {
    >         .....
    >         retval = security_ops->bprm_ops->alloc_security(&bprm);
    >         if (retval)
    >         ....
    > }
    >
    > I wonder if you can put this hook a little later, so that copy_string can
    > copy envp to bprm, or simply add a pointer parameter to alloc_security()?
    
    The alloc_security hook call needs to occur prior to the prepare_binprm
    function call, because prepare_binprm calls the set_security hook, and
    this latter hook expects the security field to be allocated.  Hence, you
    cannot simply move the alloc_security hook call.  I suppose you could add
    a new hook call on the bprm after the copy_strings calls.
    
    --
    Stephen D. Smalley, NAI Labs
    ssmalleyat_private
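
The ordering constraint described in the reply above, as an added user-space model (not kernel code and not part of the original message): set_security fails if alloc_security has not run, and an environment check only sees envp once copy_strings has run. The hook name post_copy_check, the LD_PRELOAD policy and the sample environments are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* User-space model of the exec path in the thread; field names are simplified. */
struct binprm {
    void *security;      /* set by alloc_security */
    const char **envp;   /* visible only after copy_strings */
};

/* Constructed sample environments. */
static const char *clean_env[] = {"PATH=/bin", NULL};
static const char *bad_env[] = {"PATH=/bin", "LD_PRELOAD=/tmp/x.so", NULL};

static int alloc_security(struct binprm *b) {
    b->security = calloc(1, 1);
    return b->security ? 0 : -ENOMEM;
}

/* Called from prepare_binprm; expects the security field to be allocated. */
static int set_security(struct binprm *b) {
    return b->security ? 0 : -EINVAL;
}

/* Hypothetical new hook placed after copy_strings.
 * Constructed policy: refuse any LD_PRELOAD entry. */
static int post_copy_check(struct binprm *b) {
    if (!b->envp) return -EINVAL;          /* called before copy_strings */
    for (const char **e = b->envp; *e; e++)
        if (strncmp(*e, "LD_PRELOAD=", 11) == 0) return -EPERM;
    return 0;
}

/* alloc_late: alloc_security moved past prepare_binprm (so it is skipped here).
 * check_early: the envp check placed before copy_strings. */
int model_execve(const char **envp, int alloc_late, int check_early) {
    struct binprm b = {0};
    int rc = alloc_late ? 0 : alloc_security(&b);
    if (!rc) rc = set_security(&b);                    /* prepare_binprm */
    if (!rc && check_early) rc = post_copy_check(&b);
    b.envp = envp;                                     /* copy_strings */
    if (!rc && !check_early) rc = post_copy_check(&b);
    free(b.security);
    return rc;
}

int main(void) {
    printf("%d %d %d\n", model_execve(clean_env, 0, 0),
           model_execve(bad_env, 0, 0), model_execve(clean_env, 1, 0));
    return 0;
}
```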
    
    
    
    



    This archive was generated by hypermail 2b30 : Wed Feb 06 2002 - 08:06:32 PST