Re: Question about opaque security field

From: Chris Wright (chrisat_private)
Date: Thu Jan 16 2003 - 18:46:04 PST


    copied to list since your mbox appears to be full.

    * xhtechat_private (xhtechat_private) wrote:
    >   I have a question about the opaque security field in the LSM architecture.
    >   For example, if I implemented a module that uses void *security in the
    > task struct to attach some security information permanently to a task
    > (until it exits), what if some other module modifies the pointer according
    > to its own use?

    This is problematic.  Generally speaking, only _one_ security module is
    loaded at any given time.  At least, that is how the kernel sees it.  If
    your module does not support any stacking facilities, then you shouldn't
    have to worry about anyone else touching your opaque field.

    It is possible to stack modules, if they agree to work together.  In this
    case, the typical assumption is that the modules know how to work with
    one another, or perhaps one is a simple stateless model that doesn't
    require storage in the opaque field.  Otherwise, special care must be
    taken to make sure that each module operates on the proper opaque
    security field.

    You can avoid stacking if you only register via the register_security()
    operation (which registers with the kernel proper).  And don't allow any
    new modules to register with you (see the mod_reg_security() function in
    hope that helps,
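
A userspace C model of the registration rule described in the message above, added here as an illustration; it is not code from the post or from the LSM project. The function and hook names follow the LSM interface, while the `demo_*` module, the `struct task` stand-in, the sample label and the error values are assumptions made for the model.

```c
/* Userspace model, not kernel code: bodies and error values are simplified. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

struct task { void *security; };            /* stands in for task_struct */
struct security_operations {
    int  (*register_security)(const char *name, struct security_operations *ops);
    int  (*task_alloc_security)(struct task *p);
    void (*task_free_security)(struct task *p);
};
static struct security_operations *security_ops;   /* NULL: nothing loaded */

/* Registration with the kernel proper: one primary module at a time. */
int register_security(struct security_operations *ops)
{
    if (security_ops) return -EBUSY;        /* error value chosen for the model */
    security_ops = ops;
    return 0;
}
/* Stacking request: the already-loaded primary module decides. */
int mod_reg_security(const char *name, struct security_operations *ops)
{
    if (!security_ops || ops == security_ops) return -EINVAL;
    return security_ops->register_security(name, ops);
}

/* Hypothetical module "demo": sole owner of task->security. */
struct demo_blob { int label; };
static int demo_register_security(const char *name, struct security_operations *ops)
{ (void)name; (void)ops; return -EPERM; }   /* refuse every secondary module */
static int demo_task_alloc(struct task *p)
{
    struct demo_blob *b = malloc(sizeof(*b));
    if (!b) return -ENOMEM;
    b->label = 7;                           /* constructed sample label */
    p->security = b;                        /* nobody else may overwrite this */
    return 0;
}
static void demo_task_free(struct task *p) { free(p->security); p->security = NULL; }
struct security_operations demo_ops = { demo_register_security, demo_task_alloc, demo_task_free };

int main(void)
{
    struct security_operations other = { 0 };   /* second, unrelated module */
    int a = register_security(&demo_ops), b = register_security(&other);
    int c = mod_reg_security("other", &other);
    printf("primary=%d second=%d stack=%d\n", a, b, c);
}
```

Because both registration paths fail for the second module, the blob stored in `task->security` is only ever written and freed by the module that allocated it.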