Re: Correct incantation to get a string in sys_security?

From: Seth Arnold (sarnoldat_private)
Date: Tue Sep 03 2002 - 12:28:14 PDT


    On Tue, Sep 03, 2002 at 12:08:27PM -0400, David Wheeler wrote:
    > What's the proper incantation to use in sys_security()
    > to acquire a string sent from userspace
    > as the first parameter of "args"?
    > 
    > As you know, sys_security has this form:
    > static int stacker_sys_security (unsigned int id, unsigned int call,
    >                                 unsigned long *args)
    > 
    > I check for the correct id, then check for certain call values,
    > and for certain call values I need the user to pass in a
    > C string (\0-terminated, with a maximum size).
    > get_user() seems to be for single characters, so that's not
    > what I want.
    > 
    > Preprocessor-defined copy_from_user() takes a constant length,
    > which isn't really what I want.
    
    David, there are two different versions of copy_from_user; one is
    constant sized, the other is variable sized, and I believe the macro can
    correctly choose between the two versions as needed. So, you can use
    copy_from_user with a run-time computed value just fine.
    
    As for copying a null-terminated string, you could: (a) wrap get_user in
    a loop and check for '\0' or EFAULT with every transferred character
    or (b) copy in the max amount, and trim to the null manually. (I don't
    actually recommend (b).)
    
    The way I'd expect many modules to implement sys_security() is to pass a
    structure in the unsigned long *args arg, where an early element of the
    structure says how long the data is that is being transferred.
    
    -- 
    http://immunix.org/
    
    
    

    _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
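The length-prefixed argument block suggested in the reply above, as an added example that is not part of the original message or of any LSM module's code. It is a sketch that builds in userspace: `copy_from_user()` here is a stand-in stub with the kernel function's return convention, and `struct str_arg_hdr`, `STR_ARG_MAX` and `fetch_user_string()` are hypothetical names.

```c
#include <errno.h>
#include <string.h>

/* Userspace stand-in so the sketch runs outside the kernel; like the real
 * copy_from_user() it returns the number of bytes it could NOT copy. */
static unsigned long copy_from_user(void *to, const void *from, unsigned long n)
{
    if (from == NULL)
        return n;               /* constructed fault: NULL models a bad pointer */
    memcpy(to, from, n);
    return 0;
}

#define STR_ARG_MAX 64          /* hypothetical module limit, excluding the NUL */

/* Hypothetical header at the start of the args block; string bytes follow it. */
struct str_arg_hdr { unsigned int len; };

/* Copy the caller's string into kbuf (at least STR_ARG_MAX + 1 bytes).
 * Returns the string length, or a negative errno. */
static int fetch_user_string(const unsigned long *args, char *kbuf)
{
    struct str_arg_hdr hdr;
    const char *udata;

    /* Fetch the length once into kernel memory and validate that copy only. */
    if (copy_from_user(&hdr, args, sizeof(hdr)))
        return -EFAULT;
    if (hdr.len > STR_ARG_MAX)
        return -EINVAL;
    udata = (const char *)args + sizeof(hdr);
    if (copy_from_user(kbuf, udata, hdr.len))   /* run-time computed length */
        return -EFAULT;
    kbuf[hdr.len] = '\0';       /* terminate here; never rely on the caller */
    if (memchr(kbuf, '\0', hdr.len))
        return -EINVAL;         /* embedded NUL: claimed length is inconsistent */
    return (int)hdr.len;
}

int main(void)
{
    /* Constructed input: header len = 5 followed by "hello" with no NUL. */
    union { unsigned long align; unsigned char raw[16]; } u;
    unsigned int n = 5;
    char kbuf[STR_ARG_MAX + 1];
    memcpy(u.raw, &n, sizeof(n));
    memcpy(u.raw + sizeof(n), "hello", 5);
    return fetch_user_string(&u.align, kbuf) == 5 ? 0 : 1;
}
```

Reading the length a single time and bounding it before the second copy is what keeps a caller from changing the value between the check and the copy.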



    This archive was generated by hypermail 2b30 : Tue Sep 03 2002 - 12:29:34 PDT