Re: New module: tpe

• Previous message: Especialização...: "É na Unyahna!"
• In reply to: Chris Wright: "Re: New module: tpe"
• Next in thread: dlambrouat_private: "Re: New module: tpe"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* Chris Wright (chrisat_private) wrote:
> * Niki Rahimi (narahimiat_private) wrote:
> > Chris Wright wrote:
> > 
> > >Great, at first glance this looks very nice.  It'd be great to merge this
> > >into the LSM tree, is that ok?
> > 
> > Thanks! That would be fine by me.
> 
> OK, I'll go ahead and commit it as is, and then we can work on any
> cleanups that might be necessary.

Alright, after some minor license changes to make sure it's Dual BSD/GPL
licensed to honor the original copyright holders license choice, the
thing is committed to the LSM tree.

I made some minor changes:

1) kern_tpe.h -> tpe.h
2) lsm-tpe-readme.txt -> lsm/tpe.txt
3) MODULE_LICNESE("GPL") -> MODULE_LICENSE("Dual BSD/GPL")

Below are some suggestions for cleanup:

1) kern_tpe.h -> tpe.h

2) in kern_tpe.h all the functions that aren't intended to be inlined
should be moved to tpe.c.  Every function should be made static, as none
of them are needed outside the scope of tpe.[ch].

3) i'm not convinced the list needs to be sorted since the TRUSTED_PATH
test will succeed for most cases in the typical $PATH.  personally,
i'd consider making the search simpler, but since the work is done,
then at least do one thing...remove the recursive search algorithm.
I know it's only got one int on the stack, and being a O(log N) algo,
it won't go the depth of the list.  But recursive is just a bad idea if
it can be avoided.  The kernel stack is a very finite resource.  Granted,
the search function will always be called from a fairly shallow stack,
but still.

4)  i haven't looked at the full fs implementation, but my hunch is that
there is much more code than is needed.  is it true that the fs is just
for reading and writing to the tpe uid list?  if so, you don't need to be
able to do anything other than read and write to a single file in the root
dir (perhaps two separate files if you want).  this means that the dir
operations look overkill.  i don't think you need to be able to create
anything in the root dir.  so the mount should populate the root dir
with the read/wirte list entrypoints, and that's all i'd expect to see.

5) this code is smp unsafe, the list can be read and modified by
different tasks simultaneously and should be protected.

thanks,
-chris
-- 
Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net
_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module

• Next message: kevindagarmat_private: "I NEED YOUR HELP"
• Previous message: Especialização...: "É na Unyahna!"
• In reply to: Chris Wright: "Re: New module: tpe"
• Next in thread: dlambrouat_private: "Re: New module: tpe"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon May 19 2003 - 14:07:44 PDT