If the
security_ops->bprm_ops->free_security(&bprm);
can take a retval as a return value, it will be good for me.
like,
if (retval >= 0) {
/* execve success */
retval = security_ops->bprm_ops->free_security(&bprm);
return retval;
}
-h
On Wed, 6 Feb 2002, Chris Wright wrote:
> * Stephen Smalley (sdsat_private) wrote:
> >
> > On Wed, 6 Feb 2002, Huagang Xie wrote:
> > >
> > > a new hook after the copy_string()
> > >
> > > security_ops->bprm_ops->post_alloc_security(&bprm);
> >
> > This seems preferable, although it should use a more descriptive name.
> > I assume that you want this hook to be able to return an error value.
> >
> > I don't have any objection to such a hook. Others?
>
> is it possible to delay such a hook until, say flush_old_exec? or perhaps
> this is enough justification for moving prepare_binprm to after the
> copy_strings since set_security should have enough info to label
> accurately. hmm, i suppose the capabilities pieces that are in
> set_security don't rely on being inside of prepare_binprm, so we could
> conceivably just move that hook. i'll stop thinking out loud now... ;-)
>
> i'd rather not introduce new hooks if we can solve the problem with
> existing hooks.
>
> thanks,
> -chris
>
--
Happy Hacking
LIDS secure linux kernel
http://www.lids.org/
1024D/B6EFB028 4731 2BF7 7735 4DBD 3771 4E24 B53B B60A B6EF B028
_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Wed Feb 06 2002 - 15:01:50 PST