Re: question about bprm_ops->alloc_security(&bprm) (fwd)

• Previous message: hgxieat_private: "Re: question about bprm_ops->alloc_security(&bprm)"
• In reply to: Chris Wright: "Re: question about bprm_ops->alloc_security(&bprm) (fwd)"
• Next in thread: Serge E. Hallyn: "Re: question about bprm_ops->alloc_security(&bprm) (fwd)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 6 Feb 2002, Chris Wright wrote:

> 2) move the set_security hook out of prepare_binprm and locate it after
> the copy_strings calls.  penalty same as above, plus any problems
> introduced by this move (i don't see any in dummy.c, capability.c and
> owlsm.c).

This may have side effects.  prepare_binprm can be called multiple times
on the same execve operation, e.g. from search_binary_handler on
/sbin/loader for the Alpha or from the em86, misc, or script binary format
handlers for interpreters.  Keeping the set_security hook in
prepare_binprm allows the security module to perform checking for these
additional calls and possibly to revise the new linux_binprm security
data based on the loader/interpreter.

--
Stephen D. Smalley, NAI Labs
ssmalleyat_private



_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module

• Next message: Serge E. Hallyn: "Re: question about bprm_ops->alloc_security(&bprm)"
• Previous message: hgxieat_private: "Re: question about bprm_ops->alloc_security(&bprm)"
• In reply to: Chris Wright: "Re: question about bprm_ops->alloc_security(&bprm) (fwd)"
• Next in thread: Serge E. Hallyn: "Re: question about bprm_ops->alloc_security(&bprm) (fwd)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Feb 07 2002 - 04:46:24 PST