Re: [PATCH] Properly split capset_check+capset_set

[Stephen Smalley]

On Wed, 2004-12-15 at 14:48, Serge E. Hallyn wrote:
> The attached patch (against 2.6.10-rc3-mm1 w/ ioctl patch) removes the
> redundant cap_capset_check hook and moves the security_capset_check
> call to just before security_capset_set.  The selinux_capset_set hook
> now simply sets the capability (through its secondary), while
> selinux_capset_check checks the authorization permission.

One minor complaint:  the caller of capset() will no longer receive any
error code if security_capset_check() fails.  I don't think that it is
necessary to preserve any error return in the cases where capset() is
being applied to multiple processes, but in the case where it is being
applied to a single specific process, it would be nice if any error
return from security_capset_check() would be returned to the caller.

I also wonder whether the existing hardcoded checks should be moved into
the new security_capset_check() hook function for dummy and commoncap so
that they will be applied to the real target, even when pid < 0. 
Otherwise, those hardcoded checks seem bogus in the pid < 0 case, as
they are then applied to current rather than to the true targets.

-- 
Stephen Smalley <sds@xxxxxxxxxxxxxx>
National Security Agency

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/