Re: Security initializer bugs

From: Stephen Smalley (sdsat_private)
Date: Wed Apr 09 2003 - 10:41:41 PDT


    On Wed, 2003-04-09 at 10:28, Mike Wray wrote:
    > The current implementation does not agree with the documentation in
    > security.h - which states that the relevant security fields are
    > nulled on allocation. In these cases they are not. So the implementation
    > is not consistent with the documentation. That's what I call a bug.
    
    A bug in the documentation.  Or more precisely, a failure to update the
    documentation to reflect changes to the code.
    
    > Either the implementation needs fixing to do what the documentation says,
    > or the documentation needs fixing to document what has been implemented.
    
    Yes, the documentation should be fixed.
    
    > Since the other security fields are in fact initialised to NULL it
    > would be more consistent to fix the implementation to agree with
    > the documentation, rather than making special cases for these 2 structs.
    
    I'd expect it to migrate the other direction, i.e. all of the NULL
    initialization will migrate into the alloc_security hook functions.  
    As a side note, the security fields in these two structs and the
    corresponding hooks have all been definitively rejected for 2.5 (in case
    you missed that discussion).  So they simply don't exist in mainline
    2.5.
    
    > I apologize if the code I sent is not an acceptable implementation,
    > but other LSM code already had #ifdef CONFIG_SECURITY_NETWORK in it.
    > For example 'net/core/skbuff.c' has it round 'skb->lsm_security = NULL;'
    > for similar reasons.
    
    That was a case where the base kernel code already had #ifdef's and
    where the initialization was separated from the alloc_security hook
    call.  Also, note that in 2.5, changes to skb allocation have yielded a
    corresponding change, so the initialization has been moved into the hook
    in the lsm-2.5 tree.  As a side note, note that the skb security field
    and hooks were also definitively rejected for mainline 2.5.
    
    -- 
    Stephen Smalley <sdsat_private>
    National Security Agency
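
The design point in the reply above, that NULL initialization of a security field belongs in the alloc_security hook rather than in the generic allocation path, can be modelled in userspace C. This is an added illustration, not code from the post or from the LSM patch; every struct, function and constant name in it is hypothetical, and the 0xA5 fill is constructed stale data.

```c
#include <stdlib.h>
#include <string.h>

/* Userspace model only: all names here are hypothetical, not kernel code. */
struct object {
    int   id;
    void *security;               /* stands in for an LSM security field */
};
struct security_ops {
    int (*alloc_security)(struct object *obj);
};
enum field_state { FIELD_NULL, FIELD_STALE, FIELD_OWNED };

/* A module with no per-object state still owns the NULL initialization. */
static int dummy_alloc_security(struct object *obj)
{
    obj->security = NULL;
    return 0;
}
/* A module that attaches state sets the field itself. */
static int blob_alloc_security(struct object *obj)
{
    obj->security = calloc(1, sizeof(int));
    return obj->security ? 0 : -1;
}
static const struct security_ops dummy_ops = { dummy_alloc_security };
static const struct security_ops blob_ops  = { blob_alloc_security };

/* Generic allocation path: never writes ->security, only calls the hook.
 * The 0xA5 fill is constructed stale data, as if the memory were recycled. */
static void object_init(struct object *obj, const struct security_ops *ops)
{
    memset(obj, 0xA5, sizeof(*obj));
    obj->id = 1;
    if (ops)
        (void)ops->alloc_security(obj);
}

/* Reports what the security field holds once allocation has finished. */
static enum field_state state_after_alloc(const struct security_ops *ops)
{
    struct object obj;
    unsigned char stale[sizeof(void *)];

    memset(stale, 0xA5, sizeof(stale));
    object_init(&obj, ops);
    if (memcmp(&obj.security, stale, sizeof(stale)) == 0)
        return FIELD_STALE;       /* nobody initialized the field */
    if (obj.security == NULL)
        return FIELD_NULL;
    free(obj.security);
    return FIELD_OWNED;
}
```

In this model the field is only well defined when some hook runs on every allocation path, which is the invariant the documentation would have to state once initialization moves into the hooks.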
    
    


