Re: [RFC] LSM generic ioctl permissions patch (1/1)

From: Stephen Smalley (sds@private)
Date: Mon Nov 14 2005 - 06:27:24 PST


On Sun, 2005-11-13 at 05:06 +0000, Lorenzo Hernandez Garcia-Hierro
wrote:
> +	/* generic check for getattr/setattr ioctls */
> +	if ((_IOC_DIR(cmd) & _IOC_READ)) {
> +        	file_has_perm(current, file, FILE__GETATTR);

Return value ignored, and it will fall through to the default case of
the switch statement.

> +        } else if ((_IOC_DIR(cmd) & _IOC_WRITE)) {
> +        	file_has_perm(current, file, FILE__SETATTR);
> +        }

Ditto.

What if the ioctl command has both read and write directions?  Better to
construct an access vector with all appropriate permissions and then
call file_has_perm once and return its value.

_IOC_NONE case should likely trigger a file_has_perm(current, file, 0);
 
> +	switch (cmd) {
>  		/* sys_ioctl() checks */
>  		case FIONBIO:
>  		/* fall through */

What _IOC_DIR is associated with the remaining generic ioctls here?

Naturally, this change needs extensive testing to assess its impact on
policy. 

-- 
Stephen Smalley
National Security Agency



This archive was generated by hypermail 2.1.3 : Mon Nov 14 2005 - 06:49:20 PST