Re: question about bprm_ops->alloc_security(&bprm)

From: Huagang Xie (xieat_private)
Date: Wed Feb 06 2002 - 12:17:19 PST

  • Next message: Stephen Smalley: "Re: question about bprm_ops->alloc_security(&bprm)"

    > On Tue, 5 Feb 2002, Huagang Xie wrote:
    > 
    > > I am trying to port LIDS to LSM right now, I meet a problem when I deal
    > > with hook in the do_execve(), there is alloc_security() that I can
    > > use. But since I want to check the envp, the bprm here can not give me
    > > this envp,
    > 
    > > int do_execve(char * filename, char ** argv, char ** envp, struct pt_regs
    > > * regs)
    > > {
    > >        .....
    > >        retval = security_ops->bprm_ops->alloc_security(&bprm);
    > >         if (retval)
    > >  ....
    > > }
    > >
    > > I wonder if you can put this hook a little later that the copy_string can
    > > copy envp to bprm or simply add a pointer parameter to alloc_security()?
    > 
    > The alloc_security hook call needs to occur prior to the prepare_binprm
    > function call, because prepare_binprm calls the set_security hook, and
    > this latter hook expects the security field to be allocated.  Hence, you
    > cannot simply move the alloc_security hook call.  I suppose you could add
    > a new hook call on the bprm after the copy_strings calls.
    
    Is there any hook that I can use to do this? or will LSM support to add a
    hook for this in the future? like 
    
    	one way is to add a paramter to current implementation,
    		security_ops->bprm_ops->alloc_security(&bprm, envp); 
    
    or  
         a new hook after the copy_string()
    
    		security_ops->bprm_ops->post_alloc_security(&bprm);
    
    Thanks,
    Huagang
    
    
    -- 
    LIDS secure linux kernel
    http://www.lids.org/
    1024D/B6EFB028 		4731 2BF7 7735 4DBD 3771  4E24 B53B B60A B6EF B028
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Wed Feb 06 2002 - 12:13:47 PST