* Stephen Smalley (sds@private) wrote: > On Fri, 2004-08-27 at 16:23, Chris Wright wrote: > > I think this is reasonble consolidation into sigio_perm. Could add the > > signal value that will be used. It seems that having a permission > > check that can be bypassed by user is bad idea. Does SELinux validate > > the signum at fctnl setsig time? > > No, we just map fown->signum or SIGIO if it is 0 to the appropriate > signal permission in the selinux_file_send_sigiotask hook. So we likely > do need to have the caller pass the signal to sigio_perm and then onto > the security hook so that we can distinguish SIGURG appropriately. OK, let's do that then. sigio_perm() is small and localized, shouldn't be an issue to change it and it's callers. thanks, -chris -- Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net
This archive was generated by hypermail 2.1.3 : Fri Aug 27 2004 - 13:35:49 PDT