Re: [RFC] LSM fix for stupid "empty" functions

From: Olaf Dietsche (olaf.dietsche#list.linux-kernel@t-online.de)
Date: Sun Dec 01 2002 - 08:59:10 PST


    Greg KH <gregat_private> writes:
    
    > I'm _really_ tired of all of the "empty" functions that all security
    > modules need to provide.  So here's a brute force patch that lets any
    > security module only set the functions that it wants to override.  If
    > the function is NULL, then the "dummy" function will be used instead.
    >
    > What do people think of this?  I also cleaned up the comment in the
    > verify function of security/security.c and made it not inline.
    
    I second this. It's very annoying and error-prone to define lots of
    unnecessary functions, not to mention maintainability.
    
    > ===== security/security.c 1.4 vs edited =====
    > --- 1.4/security/security.c	Thu Oct 17 13:21:20 2002
    > +++ edited/security/security.c	Sat Nov 30 23:01:07 2002
    [...]
    > @@ -59,11 +61,8 @@
    >  	/* Perform a little sanity checking on our inputs */
    >  	err = 0;
    >  
    [...]
    >  	VERIFY_STRUCT(struct security_operations, ops, err);
    
    This shouldn't be necessary anymore.
     
    > @@ -106,6 +105,7 @@
    >   */
    >  int register_security (struct security_operations *ops)
    >  {
    > +	security_fixup_ops (ops);
    
    You're patching other people's data structures. Not everybody may like
    this. Maybe it's even impossible on ROM based systems. Do you think a
    copy is doable? Just a thought.
    
    >  	if (verify (ops)) {
    >  		printk (KERN_INFO "%s could not verify "
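
    Review bot: security_fixup_ops (ops) is the first statement of register_security, ahead of verify (ops), so any sanity checking that verify applies to ops runs only after the fixup has already used the pointer. Guard the call with a NULL test on ops that takes the same error path as a failed verify, or have security_fixup_ops return early when ops is NULL.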
    
    When ops is NULL, this check is too late.
    
    > @@ -162,6 +162,8 @@
    >   */
    >  int mod_reg_security (const char *name, struct security_operations *ops)
    >  {
    > +	security_fixup_ops (ops);
    > +
    >  	if (verify (ops)) {
    >  		printk (KERN_INFO "%s could not verify "
    >  			"security operations.\n", __FUNCTION__);
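
    Review bot: this hunk leaves the comment that ends just above mod_reg_security untouched, although the function now hands the caller's ops to security_fixup_ops before verify (ops). Document there that members may be left NULL and will be filled in, and that the caller's structure is modified as a result, so module authors know ops cannot be const or otherwise read-only data.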
    
    Same here.
    
    Nevertheless, I like this patch.
    
    Regards, Olaf.
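
The two points raised in this reply (fill defaults into a copy rather than the caller's table, and reject a NULL table before anything touches it), as an added user-space sketch that is not code from the patch or the kernel. `struct demo_ops`, its two hooks and every `demo_*` name are hypothetical stand-ins for `struct security_operations` and the registration functions.

```c
#include <stddef.h>
#include <errno.h>

/* Hypothetical two-hook table; the real struct security_operations has
 * many more members, none of which are reproduced here. */
struct demo_ops {
	int (*check_open)(const char *path);
	int (*check_exec)(const char *path);
};

/* Default ("dummy") hooks: allow everything. */
static int dummy_open(const char *path) { (void)path; return 0; }
static int dummy_exec(const char *path) { (void)path; return 0; }

/* Registry-owned copy; the caller's table is never written to. */
static struct demo_ops active_ops = { dummy_open, dummy_exec };
static int registered;

/* Fill unset hooks, in our own copy only. */
static void demo_fixup_ops(struct demo_ops *ops)
{
	if (!ops->check_open)
		ops->check_open = dummy_open;
	if (!ops->check_exec)
		ops->check_exec = dummy_exec;
}

/* Returns 0 on success, -EINVAL for a NULL table, -EBUSY if already taken. */
int demo_register(const struct demo_ops *ops)
{
	if (!ops)		/* reject NULL before anything dereferences it */
		return -EINVAL;
	if (registered)
		return -EBUSY;
	active_ops = *ops;	/* copy first, so a const/ROM table stays intact */
	demo_fixup_ops(&active_ops);
	registered = 1;
	return 0;
}

/* Sample module (constructed): overrides only check_exec, and is const. */
static int deny_exec(const char *path) { (void)path; return -EPERM; }
static const struct demo_ops sample_module = { .check_exec = deny_exec };

int demo_open(const char *path) { return active_ops.check_open(path); }
int demo_exec(const char *path) { return active_ops.check_exec(path); }

int main(void)
{
	return demo_register(&sample_module) ? 1 : demo_exec("/bin/sh") != -EPERM;
}
```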
    



    This archive was generated by hypermail 2b30 : Sun Dec 01 2002 - 09:00:37 PST