On Wed, 10 Jul 2002, Wayne Salamon wrote:

> newsk->security is set before this code in the sk_alloc() call, and we
> need to prevent this pointer from being overwritten with the listening
> sock's security pointer.

I'm still a little concerned about adding the pointer saving into the core
networking code.

What about utilizing the zero_it argument to sk_alloc(), so that
sk_alloc_security() is not called if its value is zero. The only time this
is zero is during the allocation of the new sk in
tcp_create_openreq_child(), and in this case, an sk security field can
then be allocated explicitly during the new hook call.

For SELinux, this would be caught by extsocket_sock_precondition() in any
case, right?

The affected code would look something like:

struct sock *sk_alloc(int family, int priority, int zero_it)
{
	struct sock *sk = kmem_cache_alloc(sk_cachep, priority);

	if(sk && zero_it) {
		memset(sk, 0, sizeof(struct sock));
		sk->family = family;
		if (security_ops->socket_sock_alloc_security(sk)) {
			kfree(sk);
			return NULL;
		}
		sock_lock_init(sk);
	}

	return sk;
}

struct sock *tcp_create_openreq_child(...)
{
	struct sock *newsk = sk_alloc(PF_INET, GFP_ATOMIC, 0);

	if(newsk != NULL) {
		...
		TCP_ECN_openreq_child(newtp, req);
		security_ops->tcp_create_openreq_child(newsk, skb);
		...
	}
	...
}

So, all that's added to the openreq function is one hook call, which will
be much easier to deal with in case the networking (or all hooks) need to
be made into macros, and we're not leaving any LSM housekeeping droppings
in the core code.

- James
--
James Morris
<jmorrisat_private>

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
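The pointer-overwrite problem and the zero_it approach discussed in the message above, as an added userspace model (not code from the thread or from the kernel). The struct layout, the live_blobs counter, the sid values and the two child_* helpers are assumptions made for illustration; memcpy() stands in for the copy of the listening sock into the new one.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
struct sec_blob { int sid; };	/* userspace stand-ins, not kernel code */
struct sock { int family; struct sec_blob *security; };
static int live_blobs;		/* outstanding blobs, to expose leaks */
static int sock_alloc_security(struct sock *sk, int sid)
{
	sk->security = malloc(sizeof(*sk->security));
	if (!sk->security) return -1;
	sk->security->sid = sid;
	live_blobs++;
	return 0;
}

static struct sock *sk_alloc(int family, int zero_it)
{
	struct sock *sk = malloc(sizeof(*sk));
	if (sk && zero_it) {
		memset(sk, 0, sizeof(*sk));
		sk->family = family;
		if (sock_alloc_security(sk, 1)) { free(sk); return NULL; }
	}
	return sk;
}

/* Blob allocated in sk_alloc(), then the listener is copied over it: leak + alias. */
static struct sock *child_alloc_then_copy(const struct sock *lsk)
{
	struct sock *newsk = sk_alloc(lsk->family, 1);
	if (newsk) memcpy(newsk, lsk, sizeof(*newsk));
	return newsk;
}

/* zero_it == 0 skips the allocation; the hook step allocates after the copy. */
static struct sock *child_copy_then_hook(const struct sock *lsk, int sid)
{
	struct sock *newsk = sk_alloc(lsk->family, 0);
	if (!newsk) return NULL;
	memcpy(newsk, lsk, sizeof(*newsk));
	if (sock_alloc_security(newsk, sid)) { free(newsk); return NULL; }
	return newsk;
}

int main(void)
{
	struct sock *l = sk_alloc(2, 1), *a = child_alloc_then_copy(l), *b = child_copy_then_hook(l, 7);
	return printf("aliased=%d separate=%d blobs=%d\n", a->security == l->security, b->security != l->security, live_blobs) < 0;
}
```

In the first variant the child's own blob is unreachable after the copy and freeing both socks would free the listener's blob twice; in the second the child ends up with exactly one blob of its own.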