Re: [RFC] LSM changes for 2.5.38

From: Greg KH (greg@kroah.com)
Date: Thu Sep 26 2002 - 17:51:48 EST

Next message: Linus Torvalds: "Re: [patch] 'sticky pages' support in the VM, futex-2.5.38-C5"
Previous message: Ryan Cumming: "Re: [BK PATCH] Add ext3 indexed directory (htree) support"
In reply to: Christoph Hellwig: "Re: [RFC] LSM changes for 2.5.38"
Next in thread: Christoph Hellwig: "Re: [RFC] LSM changes for 2.5.38"
Reply: Christoph Hellwig: "Re: [RFC] LSM changes for 2.5.38"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Sep 27, 2002 at 12:32:10AM -0400, Christoph Hellwig wrote:
>
> > /* Set EXTENT bits starting at BASE in BITMAP to value TURN_ON. */
> > static void set_bitmap(unsigned long *bitmap, short base, short extent, int new_value)
> > @@ -62,7 +63,12 @@
> > return -EINVAL;
> > if (turn_on && !capable(CAP_SYS_RAWIO))
> > return -EPERM;
> > -
> > +
> > + ret = security_ops->ioperm(from, num, turn_on);
> > + if (ret) {
> > + return ret;
> > + }
> > +
>
> Sorry, but this is bullshit (like most of the lsm changes). Either you
> leave the capable in and say it's enough or you add your random hook
> and remove that one. Just adding more and more hooks without thinking
> gets us exactly nowhere except to an unmaintainable codebase.

capable is needed to be checked, as we are not modifying the existing
permission logic.

> Also is there a _real_ need to pass in all the arguments?

I'll let Stephen answer that one, as SELinux uses it.

Oops, ok, nevermind, I don't see _any_ security module using this hook.
In fact they are using the capable(CAP_SYS_RAWIO) hook, which is exactly
what you suggest :)

I'll go remove it.

> > return -EPERM;
> > }
> > + retval = security_ops->iopl(old, level);
> > + if (retval) {
> > + return retval;
> > + }
> > +
>
> again (and another few times)

Ok, again, no one is using it. I'll go remove it (and go audit all of
the other hooks.)

> > + * @module_create:
> > + * Check the permission before allocating space for a module.
> > + * @name contains the module name.
> > + * @size contains the module size.
> > + * Return 0 if permission is granted.
> > + * @module_initialize:
> > + * Check permission before initializing a module.
> > + * @mod contains a pointer to the module being initialized.
> > + * Return 0 if permission is granted.
>
> Umm, you can't tell me you deny someone to initialize a module he has
> just created?

Bah, ok, again no one uses these either.

Consider me roasted, I'll go audit this whole thing to try to justify
every one of the hooks we ask for.

Very sorry for bothering people.

thanks,

greg k-h
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Linus Torvalds: "Re: [patch] 'sticky pages' support in the VM, futex-2.5.38-C5"
Previous message: Ryan Cumming: "Re: [BK PATCH] Add ext3 indexed directory (htree) support"
In reply to: Christoph Hellwig: "Re: [RFC] LSM changes for 2.5.38"
Next in thread: Christoph Hellwig: "Re: [RFC] LSM changes for 2.5.38"
Reply: Christoph Hellwig: "Re: [RFC] LSM changes for 2.5.38"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Mon Sep 30 2002 - 22:00:29 EST