Re: Stacking LSM proof-of-concept

From: Valdis.Kletnieks@private
Date: Thu Jan 27 2005 - 22:25:51 PST


On Thu, 27 Jan 2005 23:20:03 EST, John Richard Moser said:

> This patch has been tested with 3 dummy modules to do transparent
> stacking.  

Have you looked at Serge Hallyn's work in this area?

>          The dummy modules produce unique output with
> printk(KERN_INFO) when you cat /proc/self/maps.  There's also a kernsec
> module to implement GrSecurity linking restrictions and partial /proc
> restrictions, which I wrote to learn how those work.

Yow.. A 110K patch that includes more than one thing.. ;)

+#define _GRSECURITY_DO(function,...) \
+do {\
+	struct grsecurity_operations *ops; \
+	read_lock(&gr_ops_lock); \
+	for (ops = grsecurity_ops; ops; ops = ops->next) { \
+		if ( ops->function ) \
+			ops->function ( __VA_ARGS__ ) ; \
+	} \
+	read_unlock(&gr_ops_lock); \
+} while(0)

This is only used in gr_inode_handle_create() - what happens if one of the
functions manages to throw an error?  Do you *really* want to continue
if one of your stacked modules has just said "I can't label this inode for
later security checking"?





This archive was generated by hypermail 2.1.3 : Thu Jan 27 2005 - 22:26:45 PST