Hello,

it seems that the readv(2)/writev(2) syscalls do not call the file_permission callback. Looks like this is an oversight. I have filed the issue in the Red Hat Bugzilla as https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169433 and got the recommendation to post this on the LSM mailing list.

The following trivial patch solves the problem.

--- linux-2.6.12/fs/read_write.c 2005-09-28 16:18:29.000000000 +0300 +++ p/fs/read_write.c 2005-09-28 17:17:08.000000000 +0300 @@ -485,6 +485,9 @@ ret = rw_verify_area(type, file, pos, tot_len); if (ret) goto out; + ret = security_file_permission(file, type == READ ? MAY_READ : MAY_WRITE); + if (ret) + goto out; fnv = NULL; if (type == READ) {

Best regards,
Kostik Belousov
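Review bot: the added line `ret = security_file_permission(file, type == READ ? MAY_READ : MAY_WRITE);` is 74 characters before indentation, so inside a function body it runs past the kernel's 80-column limit; wrap the second argument onto a continuation line. The mail also carries no Signed-off-by line, which a kernel submission needs. The placement reads fine from the visible context: the hook runs only after `rw_verify_area()` succeeds and fails through the same `goto out` path as that check. The ternary maps every non-READ `type` to `MAY_WRITE`, which matches the two-way `if (type == READ)` that follows, but a one-line comment saying the hook is the same permission check the LSM expects on reads and writes would help the next reader.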
This archive was generated by hypermail 2.1.3 : Thu Sep 29 2005 - 00:40:58 PDT