> On Tue, 5 Feb 2002, Huagang Xie wrote:
>
> > I am trying to port LIDS to LSM right now, I meet a problem when I deal
> > with hook in the do_execve(), there is alloc_security() that I can
> > use. But since I want to check the envp, the bprm here can not give me
> > this envp,
>
> > int do_execve(char * filename, char ** argv, char ** envp, struct pt_regs
> > * regs)
> > {
> > .....
> > retval = security_ops->bprm_ops->alloc_security(&bprm);
> > if (retval)
> > ....
> > }
> >
> > I wonder if you can put this hook a little later that the copy_string can
> > copy envp to bprm or simply add a pointer parameter to alloc_security()?
>
> The alloc_security hook call needs to occur prior to the prepare_binprm
> function call, because prepare_binprm calls the set_security hook, and
> this latter hook expects the security field to be allocated. Hence, you
> cannot simply move the alloc_security hook call. I suppose you could add
> a new hook call on the bprm after the copy_strings calls.
Is there any hook that I can use to do this? or will LSM support to add a
hook for this in the future? like
one way is to add a paramter to current implementation,
security_ops->bprm_ops->alloc_security(&bprm, envp);
or
a new hook after the copy_string()
security_ops->bprm_ops->post_alloc_security(&bprm);
Thanks,
Huagang
--
LIDS secure linux kernel
http://www.lids.org/
1024D/B6EFB028 4731 2BF7 7735 4DBD 3771 4E24 B53B B60A B6EF B028
_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Wed Feb 06 2002 - 12:13:47 PST