Re: Question about opaque security field

From: Chris Wright (chrisat_private)
Date: Thu Jan 16 2003 - 18:46:04 PST


    copied to list since your mbox appears to be full.
    
    * xhtechat_private (xhtechat_private) wrote:
    >   I have a question about the opaque security field in the LSM architecture.
    >    
    >   For example, if I implemented a module that uses void *security in the
    > task struct to attach some security information permanently to a task
    > (until it exits), what if some other module modifies the pointer according
    > to its own use?
    
    This is problematic.  Generally speaking, only _one_ security module is
    loaded at any given time.  At least, that is how the kernel sees it.  If
    your module does not support any stacking facilities, then you shouldn't
    have to worry about anyone else touching your opaque field.
    
    It is possible to stack modules, if they agree to work together.  In this
    case, the typical assumption is that the modules know how to work with
    one another, or perhaps one is a simple stateless model that doesn't
    require storage in the opaque field.  Otherwise, special care must be
    taken to make sure that each module operates on the proper opaque
    security field.
    
    You can avoid stacking if you only register via the register_security()
    operation (which registers with the kernel proper).  And don't allow any
    new modules to register with you (see the mod_reg_security() function in
    security_operations).
    
    hope that helps,
    -chris
    -- 
    Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
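The ownership problem discussed in the mail, as an added user-space model that is not code from the original message or from the LSM project: two modules each want per-task state behind the single opaque `void *security` field. The first half shows the naive case where each module overwrites the pointer and the second module silently destroys the first one's state; the second half shows one form of the "special care" Chris mentions, where a primary module (the one that registered with the kernel) owns the field and multiplexes it into slots for secondaries that register with it instead. The `task` struct, the module names, the magic values, the slot layout and all `naive_*`/`stack_*` functions are constructed for this illustration; nothing here is the kernel's real API.

```c
/* Added example, not code from the original mail or from the LSM project: a user-space
 * model of two modules sharing one opaque void *security field. The task struct, the
 * module names and the slot scheme are constructed for illustration only. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct task { int pid; void *security; };   /* stand-in for task_struct; only the opaque field matters */

#define A_MAGIC 0xA11Au
#define B_MAGIC 0xB22Bu
struct a_state { unsigned magic; char label[16]; };  /* module A's per-task data */
struct b_state { unsigned magic; int clearance; };   /* module B's per-task data */

static struct a_state *new_a(void) {
    struct a_state *s = calloc(1, sizeof *s);
    s->magic = A_MAGIC;
    strcpy(s->label, "a:restricted");
    return s;
}
static struct b_state *new_b(void) {
    struct b_state *s = calloc(1, sizeof *s);
    s->magic = B_MAGIC;
    s->clearance = 3;
    return s;
}

/* ---- Naive design: each module assumes it owns task->security outright. ---- */

void naive_a_attach(struct task *t) { t->security = new_a(); }  /* unconditional overwrite */
void naive_b_attach(struct task *t) { t->security = new_b(); }  /* leaks A's state; A's label is gone */

/* Defensive read so the clobber is observable: trust the blob only if it carries A's magic.
 * (A real module has no such check and would simply misinterpret B's memory.) */
const char *naive_a_label(const struct task *t) {
    unsigned magic;
    if (!t->security) return NULL;
    memcpy(&magic, t->security, sizeof magic);   /* byte copy: safe however the blob was typed */
    return magic == A_MAGIC ? ((const struct a_state *)t->security)->label : NULL;
}

/* Returns 1 if B's attach destroyed A's view of the task: the hazard the mail warns about. */
int naive_demo(void) {
    struct task t = { .pid = 1234, .security = NULL };
    naive_a_attach(&t);
    int before = naive_a_label(&t) != NULL;
    naive_b_attach(&t);
    int after = naive_a_label(&t) != NULL;
    free(t.security);   /* frees B's state only; A's state already leaked */
    return before && !after;
}

/* ---- Stacked design: one primary owns the field and hands out slots. ---- */

#define MAX_SLOTS 4
struct stack_blob { void *slot[MAX_SLOTS]; };  /* what the primary stores in task->security */
struct primary { int slots_in_use; };          /* the primary's registration bookkeeping */

/* A secondary registers with the primary rather than the kernel and receives a slot
 * index, or -1 once the primary refuses further modules. */
int stack_register(struct primary *p) {
    return p->slots_in_use < MAX_SLOTS ? p->slots_in_use++ : -1;
}

/* Only the primary allocates or frees the blob; secondaries go through set/get. */
void stack_task_alloc(struct task *t) { t->security = calloc(1, sizeof(struct stack_blob)); }

int stack_set(struct task *t, int slot, void *p) {
    struct stack_blob *b = t->security;
    if (!b || slot < 0 || slot >= MAX_SLOTS) return -1;
    b->slot[slot] = p;
    return 0;
}

void *stack_get(const struct task *t, int slot) {
    const struct stack_blob *b = t->security;
    return (b && slot >= 0 && slot < MAX_SLOTS) ? b->slot[slot] : NULL;
}

void stack_task_free(struct task *t) {
    struct stack_blob *b = t->security;
    if (!b) return;
    for (int i = 0; i < MAX_SLOTS; i++) free(b->slot[i]);  /* the primary knows the layout */
    free(b);
    t->security = NULL;
}

/* Returns 1 if both stacked modules still see their own data after both have attached. */
int stacked_demo(void) {
    struct primary reg = { 0 };
    struct task t = { .pid = 1234, .security = NULL };
    int a = stack_register(&reg), b = stack_register(&reg);
    stack_task_alloc(&t);
    stack_set(&t, a, new_a());
    stack_set(&t, b, new_b());
    const struct a_state *ra = stack_get(&t, a);
    const struct b_state *rb = stack_get(&t, b);
    int ok = ra && rb && ra->magic == A_MAGIC && rb->magic == B_MAGIC && rb->clearance == 3;
    stack_task_free(&t);
    return ok;
}

int main(void) {
    printf("naive design clobbers A: %d\nstacked design keeps both: %d\n", naive_demo(), stacked_demo());
    return 0;
}
```

The split mirrors the advice in the reply: the primary is the only party that registers with the kernel proper, so the kernel still sees one module, while anything that wants to stack on top registers with the primary and is handed a slot rather than the raw pointer. Whether a given primary accepts such registrations at all is its own decision; refusing them (returning -1 here) is the no-stacking case in which the opaque field is guaranteed to stay yours.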
    This archive was generated by hypermail 2b30 : Thu Jan 16 2003 - 18:52:36 PST