* Lachlan McIlroy (lachlanat_private) wrote:
>
> A recent post by Richard Offer sparked some thoughts about the problems
> of maintaining modules that use the LSM framework.
>
> The current method of sanitizing a module during load only checks that
> there are no NULL pointers in the security operations structure. What
> about old modules that have a smaller security operations structure
> which is immediately followed by non-NULL data?

[snipped nice list of possible solutions]

Indeed, the verification is not perfect, it's a rather simple solution.
However, you must consider that there is no compatibility guarantee for an
internal kernel interface (unlike the syscall interface). We do not support
binary compatibility, and if you recompile and the interface has changed, the
compiler will^Wshould catch prototype changes. Similarly the verification
will detect holes in the structure (perhaps minus the adjacent memory you
mentioned above).

Given that, I _am_ interested in a nice clean way to initialize the
security_ops struct that allows the module author to only overwrite the
hooks they care about (similar to the last solution you propose). This is
for code readability/maintainability as well as possibly providing a safe
fail-close solution.

thanks,
-chris

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
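The initialization scheme asked for in the message above, sketched as an added user-space example (not code from the post or from the LSM tree): a load-time NULL check next to a fixup pass that fills unset hooks with denying defaults. The struct `sec_ops`, its three hooks and every function name are hypothetical stand-ins.

```c
#include <errno.h>
#include <stddef.h>

/* Hypothetical three-hook stand-in for the security operations struct. */
struct sec_ops {
    int (*file_open)(const char *path);
    int (*task_kill)(int pid, int sig);
    int (*sb_mount)(const char *dev, const char *dir);
};

/* Fail-closed defaults: a hook the module did not supply denies. */
static int deny_file_open(const char *path) { (void)path; return -EPERM; }
static int deny_task_kill(int pid, int sig) { (void)pid; (void)sig; return -EPERM; }
static int deny_sb_mount(const char *dev, const char *dir) { (void)dev; (void)dir; return -EPERM; }

/* The load-time check the thread describes: reject any NULL hook. */
static int sec_ops_verify(const struct sec_ops *ops)
{
    if (!ops || !ops->file_open || !ops->task_kill || !ops->sb_mount)
        return -EINVAL;
    return 0;
}

#define FILL_IF_NULL(ops, hook) \
    do { if (!(ops)->hook) (ops)->hook = deny_##hook; } while (0)

/* Fill every hook the module left NULL with its denying default. */
static void sec_ops_fixup(struct sec_ops *ops)
{
    FILL_IF_NULL(ops, file_open);
    FILL_IF_NULL(ops, task_kill);
    FILL_IF_NULL(ops, sb_mount);
}

/* Constructed module policy: absolute paths only. */
static int demo_file_open(const char *path)
{
    return (path && path[0] == '/') ? 0 : -EACCES;
}

/* The module author names only the hook they care about; the rest stay NULL. */
static struct sec_ops demo_ops = { .file_open = demo_file_open };

int main(void)
{
    if (sec_ops_verify(&demo_ops) == 0)
        return 1;                     /* a partial struct must be rejected */
    sec_ops_fixup(&demo_ops);
    return sec_ops_verify(&demo_ops); /* 0 once every hook is populated */
}
```

Because the fixup is compiled together with the struct definition, a hook added to the interface later gets its default at recompile time; it does not address the binary-compatibility case of an older, smaller struct raised in the quoted question.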
This archive was generated by hypermail 2b30 : Mon Apr 15 2002 - 10:22:54 PDT