Re: question about bprm_ops->alloc_security(&bprm)

• Previous message: Chris Wright: "[ANNOUNCE] 2002_02_12 patch against 2.5.4"
• In reply to: Stephen Smalley: "Re: question about bprm_ops->alloc_security(&bprm)"
• Next in thread: Stephen Smalley: "Re: question about bprm_ops->alloc_security(&bprm)"
• Reply: Stephen Smalley: "Re: question about bprm_ops->alloc_security(&bprm)"
• Reply: Stephen Smalley: "Re: question about bprm_ops->alloc_security(&bprm)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

Thanks for your response. I will sumbmit a patch for that..But when I
try to see if I can get the env string from the bprm->page? I found that
it is complicate for me to decode that envp from brpm->page.. I wonder if
we can use a straight-forward one -- just 

	bprm_ops->check_envp(envp)

,in the check_envp, we can do the get_user(env,envp) to get the data from
user space and check it. I know if it is not consistence with currenct
implementation..but it is an easy way for me to do.

And other question for readdir..LIDS has a feature to hide a file/dir, 
the way to do it is when fill kernel get the dir entry, it call 
filldir() in fs/readdir.c to generate a file-list. LIDS hook in this
function and do a check there..I wonder if LSM can also provide a hook in
this function or other function that can archie the same result.

Thanks for all your support, LIDS can running very well on LSM, except the
"LD_" checking which is very criticle for LIDS, and this hidden file/dir. 

Thanks,
Huagang



 On Fri, 8 Feb 2002, Stephen Smalley wrote:

> 
> On Wed, 6 Feb 2002, Huagang Xie wrote:
> 
> > here is a patch for this hooks..I just add it in fs/exec.c, does this
> > sound good ?
> 
> In general, it would help if you submitted a complete patch, i.e. one that
> updates 'include/linux/security.h' and the example security modules under
> the 'security' directory.  At a minimum, you should include trivial hook
> functions for the dummy and capability modules (they can just return 0),
> and it would be nice to do so for all of the example modules.
> 
> Also, as several people have suggested, you should rename the hook to
> something more appropriate.  Even check_bprm would be better than
> post_alloc_security.
> 
> I agree that a new hook is reasonable here - moving the set_security hook
> or the prepare_binprm call seems like a worse option.
> 
> --
> Stephen D. Smalley, NAI Labs
> ssmalleyat_private
> 
> 
> 
> 
> _______________________________________________
> linux-security-module mailing list
> linux-security-moduleat_private
> http://mail.wirex.com/mailman/listinfo/linux-security-module
> 

-- 
LIDS secure linux kernel
http://www.lids.org/
1024D/B6EFB028 		4731 2BF7 7735 4DBD 3771  4E24 B53B B60A B6EF B028

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module

• Next message: Stephen Smalley: "Re: question about bprm_ops->alloc_security(&bprm)"
• Previous message: Chris Wright: "[ANNOUNCE] 2002_02_12 patch against 2.5.4"
• In reply to: Stephen Smalley: "Re: question about bprm_ops->alloc_security(&bprm)"
• Next in thread: Stephen Smalley: "Re: question about bprm_ops->alloc_security(&bprm)"
• Reply: Stephen Smalley: "Re: question about bprm_ops->alloc_security(&bprm)"
• Reply: Stephen Smalley: "Re: question about bprm_ops->alloc_security(&bprm)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Feb 12 2002 - 14:59:31 PST