Re: question about bprm_ops->alloc_security(&bprm)

From: Stephen Smalley (sdsat_private)
Date: Wed Feb 13 2002 - 06:13:57 PST

    On Tue, 12 Feb 2002, Huagang Xie wrote:
    
    > Thanks for your response. I will submit a patch for that. But when I
    > try to see if I can get the env string from the bprm->page, I found that
    > it is complicated for me to decode that envp from bprm->page. I wonder if
    > we can use a straightforward one -- just
    >
    > 	bprm_ops->check_envp(envp)
    >
    > In check_envp, we can do the get_user(env,envp) to get the data from
    > user space and check it. I know it is not consistent with the current
    > implementation, but it is an easy way for me to do.
    
    That wouldn't be safe.  An application could effectively bypass your
    checks by changing the environment values between the time that the kernel
    copies them and the time that your code copies them.  This is a very
    common type of flaw (TOCTTOU - time-of-check-to-time-of-use), and we don't
    want to encourage it in LSM.  You need to check the kernel's copy of the
    environment if you want to perform such checks.
    
    --
    Stephen D. Smalley, NAI Labs
    ssmalleyat_private
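
The double fetch described in the reply above, as an added user-space simulation that is not code from this thread or from LSM. The names user_env, fetch_from_user, swap_to_benign and sim_exec are hypothetical, and the LD_PRELOAD policy and the path are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define ENV_MAX 64
static char user_env[ENV_MAX];   /* constructed stand-in for user memory */

/* Hypothetical "other thread": rewrites user memory after a fetch. */
static void swap_to_benign(void) { strcpy(user_env, "LANG=C"); }

/* Simulated fetch from user space (stands in for get_user/copy_from_user). */
static void fetch_from_user(char *dst)
{
    memcpy(dst, user_env, ENV_MAX);
    dst[ENV_MAX - 1] = '\0';
    swap_to_benign();            /* user memory may change after any fetch */
}

/* Constructed policy: reject any LD_PRELOAD entry. */
static int env_allowed(const char *env)
{
    return strncmp(env, "LD_PRELOAD=", 11) != 0;
}

/* Returns 1 if exec is allowed. recheck_user=1 models check_envp(envp),
 * i.e. a second fetch; 0 models checking the kernel's own copy. */
static int sim_exec(const char *initial, int recheck_user, char *kernel_copy)
{
    char second[ENV_MAX];

    memset(user_env, 0, ENV_MAX);
    strncpy(user_env, initial, ENV_MAX - 1);
    fetch_from_user(kernel_copy);        /* bytes exec will actually use */
    if (recheck_user) {
        fetch_from_user(second);         /* checked bytes != used bytes */
        return env_allowed(second);
    }
    return env_allowed(kernel_copy);     /* check and use share one copy */
}

int main(void)
{
    char used[ENV_MAX];
    int a = sim_exec("LD_PRELOAD=/constructed/x.so", 1, used);
    printf("second fetch: allowed=%d, exec uses \"%s\"\n", a, used);
    int b = sim_exec("LD_PRELOAD=/constructed/x.so", 0, used);
    printf("kernel copy:  allowed=%d, exec uses \"%s\"\n", b, used);
    return 0;
}
```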
    
    
    