Thanks,
here is a patch for this hooks..I just add it in fs/exec.c, does this
sound good ?
Thanks,
Huagang
On Wed, 6 Feb 2002, Huagang Xie wrote:
> > On Tue, 5 Feb 2002, Huagang Xie wrote:
> >
> > > I am trying to port LIDS to LSM right now, I meet a problem when I deal
> > > with hook in the do_execve(), there is alloc_security() that I can
> > > use. But since I want to check the envp, the bprm here can not give me
> > > this envp,
> >
> > > int do_execve(char * filename, char ** argv, char ** envp, struct pt_regs
> > > * regs)
> > > {
> > > .....
> > > retval = security_ops->bprm_ops->alloc_security(&bprm);
> > > if (retval)
> > > ....
> > > }
> > >
> > > I wonder if you can put this hook a little later that the copy_string can
> > > copy envp to bprm or simply add a pointer parameter to alloc_security()?
> >
> > The alloc_security hook call needs to occur prior to the prepare_binprm
> > function call, because prepare_binprm calls the set_security hook, and
> > this latter hook expects the security field to be allocated. Hence, you
> > cannot simply move the alloc_security hook call. I suppose you could add
> > a new hook call on the bprm after the copy_strings calls.
>
> Is there any hook that I can use to do this? or will LSM support to add a
> hook for this in the future? like
>
> one way is to add a paramter to current implementation,
> security_ops->bprm_ops->alloc_security(&bprm, envp);
>
> or
> a new hook after the copy_string()
>
> security_ops->bprm_ops->post_alloc_security(&bprm);
>
> Thanks,
> Huagang
>
>
>
--
Happy Hacking
LIDS secure linux kernel
http://www.lids.org/
1024D/B6EFB028 4731 2BF7 7735 4DBD 3771 4E24 B53B B60A B6EF B028
This archive was generated by hypermail 2b30 : Wed Feb 06 2002 - 14:04:49 PST