This patch restores the file_permission hook calls in sendfile to the lsm-2.5 BitKeeper tree. The hook calls were dropped from mainline 2.5 from 2.5.29 to 2.5.30 when sendfile was rewritten. If there are no objections, I'll commit this to the lsm-2.5 BitKeeper tree and then post the patch to linux-fsdevel and linux-kernel for consideration in mainline 2.5. Index: lsm-2.5/fs/read_write.c =================================================================== RCS file: /home/pal/CVS/lsm-2.5/fs/read_write.c,v retrieving revision 1.18 diff -u -r1.18 read_write.c --- lsm-2.5/fs/read_write.c 27 Dec 2002 13:44:26 -0000 1.18 +++ lsm-2.5/fs/read_write.c 22 Jan 2003 15:33:57 -0000 @@ -531,6 +531,10 @@ if (retval) goto fput_in; + retval = security_file_permission (in_file, MAY_READ); + if (retval) + goto fput_in; + /* * Get output file, and verify that it is ok.. */ @@ -545,6 +549,10 @@ goto fput_out; out_inode = out_file->f_dentry->d_inode; retval = locks_verify_area(FLOCK_VERIFY_WRITE, out_inode, out_file, out_file->f_pos, count); + if (retval) + goto fput_out; + + retval = security_file_permission (out_file, MAY_WRITE); if (retval) goto fput_out; -- Stephen Smalley, NSA sdsat_private _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Wed Jan 22 2003 - 08:11:35 PST