Re: [PATCH] Updated seclvl patch

From: Chris Wright (chrisw@private)
Date: Thu Feb 19 2004 - 17:56:55 PST

    * Michael Halcrow (mike@private) wrote:
    > Based on feedback and contributions generously provided by Chris
    > Wright, I have produced a new BSD Secure Levels LSM patch against the
    > lsm-2.6 BK tree.
    > 
    >  Changelog:
    >     02/19/2004  Updated by Michael A. Halcrow:
    >       1. Fixed bug in plaintextToSha1 where the hash would not be
    >               calculated properly in the event that the plaintext
    >               spanned multiple pages.
    >       2. Gave seclvl sysfs attributes an owner, to fix a bug whereby
    >               opening a file in sysfs/seclvl, removing the module,
    >               and then reading or writing that file handle led to a
    >               kernel oops.
    
    Thanks, I thought both of those might be a problem.  The full changelog
    isn't really appropriate for the .c file at this point, way too big.
    Could you take that out?
    
    > +#if defined(CONFIG_SECURITY_SECLVL_MODULE)
    > +#define MY_NAME THIS_MODULE->name
    > +#else
    > +#define MY_NAME "seclvl"
    > +#endif
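    
    Review bot: The two branches of MY_NAME in this hunk are not
    interchangeable: THIS_MODULE->name is a runtime expression, while
    "seclvl" is a string literal, so any use that relies on string-literal
    concatenation with MY_NAME compiles only in the built-in configuration.
    Defining it unconditionally as #define MY_NAME "seclvl" gives the same
    prefix in both builds and removes the configuration-dependent behaviour.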
    
    Oops, I thought I had nuked this too.  This is legacy cruft that needs to go
    away.  Could be simply #define MY_NAME "seclvl".
    
    > +/**
    > + * The actual security level.  Ranges between -1 and 2 inclusive.
    > + */
    > +static int seclvl = 0;
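    
    Review bot: The comment above seclvl opens with /**, which marks a
    kernel-doc comment, but the text is not in kernel-doc format; a plain
    /* ... */ comment fits here. The stated range of -1 to 2 inclusive would
    also be more useful with a line saying what each level means and where
    the bound is enforced, since the variable itself is a plain int.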
    
    static int seclvl;
    
    > +      exit:
    
    formatting?
    
    > +		} else if (cap == CAP_SETUID) {
    
    do you care about CAP_SETGID?
    
    > +#if defined(CONFIG_SECURITY_SECLVL_MODULE)
    > +#define MY_NAME THIS_MODULE->name
    > +#else
    > +#define MY_NAME "seclvl"
    > +#endif
    
    Wait, it's here twice...
    
    > +      exit:
    
    formatting
    
    > +      exit:
    
    formatting
    
    > +static int __init
    > +seclvl_init(void)
    <snip>
    > +	goto exit;
    > +      exit:
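    
    Review bot: In seclvl_init() the goto exit; sits directly above the
    exit: label in the quoted lines, so the jump is a no-op and can be
    dropped. The label is also indented by six spaces; kernel style puts
    labels at the left margin.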
    
    hrm?  i thought i fixed that too.  and... formatting
    
    > +static void __exit
    > +seclvl_exit(void)
    
    Do you have an emacs setting or something that changes function def'ns
    etc.?  Because I ran this through Lindent which would do
    
    static void __exit seclvl_exit(void)
    
    unless the line is too long.
    
    anyway, a few more fixups, and it's getting there ;-)
    
    thanks,
    -chris
    -- 
    Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net
    


