Valdis.Kletnieks@private wrote:
> On Thu, 27 Jan 2005 23:20:03 EST, John Richard Moser said:
>
>
>>This patch has been tested with 3 dummy modules to do transparent
>>stacking.
>
>
> Have you looked at Serge Hallyn's work in this area?
>
Yes, he was the one that suggested I spit this patch at the LSM mailing
list for fun and comment.

Serge's work was what prompted me to do this. I wrote this so that I
could find out how LSM works, and chunks of GrSecurity; but I started
after reading his stacking implementation and not understanding what the
thing was up to. I still don't, but eh, I still learned something.
>
>> The dummy modules produce unique output with
>>printk(KERN_INFO) when you cat /proc/self/maps. There's also a kernsec
>>module to implement GrSecurity linking restrictions and partial /proc
>>restrictions, which I wrote to learn how those work.
>
>
> Yow.. A 110K patch that includes more than one thing.. ;)
>
80k
I was doing 2 (hooks + modules) but eh, it was too much work
> +#define _GRSECURITY_DO(function,...) \
> +do {\
> + struct grsecurity_operations *ops; \
> + read_lock(&gr_ops_lock); \
> + for (ops = grsecurity_ops; ops; ops = ops->next) { \
> + if ( ops->function ) \
> + ops->function ( __VA_ARGS__ ) ; \
> + } \
> + read_unlock(&gr_ops_lock); \
> +} while(0)
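Review bot: read_lock(&gr_ops_lock) is held across every ops->function(__VA_ARGS__) call in the for loop, so each stacked hook runs under a spinning reader lock and must not sleep; either document that constraint next to the macro or protect the list walk with something that lets callbacks block. The loop also discards whatever ops->function returns, so the macro should be documented as valid only for void hooks, with a separate variant that stops at the first non-zero result for hooks that can fail. The local name ops can also capture an identically named identifier passed in through __VA_ARGS__; a less collision-prone name such as _gr_ops would avoid that.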
>
> This is only used in gr_inode_handle_create() - what happens if one of the
> functions manages to throw an error? Do you *really* want to continue
> if one of your stacked modules has just said "I can't label this inode for
> later security checking"?
That's only used for non-error-returning functions. I did say this was
just academic, not serious.

Also notice I only wrote something like 5 or 10 hooks :) It's feasible
to only use a macro "once" when you only have "one" hook :P
--
All content of all messages exchanged herein are left in the
Public Domain, unless otherwise explicitly stated.
This archive was generated by hypermail 2.1.3 : Fri Jan 28 2005 - 08:17:34 PST