Re: New hooks for sock structure

• Previous message: Greg KH: "Re: Submitting LSM (Was: Re: OLS Bof info)"
• In reply to: Wayne Salamon: "Re: New hooks for sock structure"
• Next in thread: Wayne Salamon: "Re: New hooks for sock structure"
• Next in thread: James Morris: "Re: New hooks for sock structure"
• Reply: Wayne Salamon: "Re: New hooks for sock structure"
• Reply: Stephen Smalley: "Re: New hooks for sock structure"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* Wayne Salamon (wsalamonat_private) wrote:
> 
>   In the original SELinux prototype, the client security info was
> maintained in the sock struct. In the current LSM SELinux, we tried to
> avoid using the sock structure and implemented a list of connection-SID
> mappings, but this is prone to leak memory and is not very elegant, and
> doesn't always work in the UNIX case. See
> http://www.nsa.gov/selinux/doc/module/x2043.html for a detailed
> discussion. So we decided to add security info to the sock struct in the
> same manner as the original prototype.

Got it, will read the doc.

> > It seems reasonable to keep label from skb up through socket.  I am not
> > clear that SCM isn't useful enough in the AF_UNIX family, but like I
> > said, I haven't looked at this very thoroughly.
> >
> 
>   In the UNIX case, we're not using the new hook. It's enough to just add
> the new sock structure as a parameter to unix_stream_connect() hook as
> part of this patch.

Ah, so perhaps we should apply this bit while still working on the finer
details of the other part of the patch?

> >  - the save/restore bit seems a little funky
> 
>   Yea, but we wanted to centralize the call to the
> socket_sock_alloc_security() hook in the sock allocator (sk_alloc).
> Therefore, we need to preserve the security field around the cloning of
> the newsk from the existing sk structure.

Yeah, I understand the need, it's just awkward.  It would be nice to find
a way that's cleaner.

> >  - if (sk != NULL ), just do if (sk) (which is already checked above,
> >    although collapsing into one check might not be worth it considering
> >    the zero_it.)
> >
> 
>   Hmm..., is this a coding style comment, or do you have other concerns? I
> realize that the check above my check is of your form, but
> __kmem_cache_alloc() returns NULL on failure, not zero. Other parts of the
> kernel use both forms.

Sorry, mostly a coding style comment.  But also noting this is already
checked for, and given the sensitivity of this path it would be nice to
minimize branching.

thanks,
-chris
--
Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net
_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module

• Next message: Chris Wright: "Re: Submitting LSM (Was: Re: OLS Bof info)"
• Previous message: Greg KH: "Re: Submitting LSM (Was: Re: OLS Bof info)"
• In reply to: Wayne Salamon: "Re: New hooks for sock structure"
• Next in thread: Wayne Salamon: "Re: New hooks for sock structure"
• Next in thread: James Morris: "Re: New hooks for sock structure"
• Reply: Wayne Salamon: "Re: New hooks for sock structure"
• Reply: Stephen Smalley: "Re: New hooks for sock structure"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Jul 10 2002 - 12:56:29 PDT