Re: security hook missing in compat ioctl in 2.6.11-rc1-mm2

[Chris Wright]

* Michael S. Tsirkin (mst@xxxxxxxxxxxxxx) wrote:
> Hi!
> Security hook seems to be missing before compat_ioctl in mm2.
> And, it would be nice to avoid calling it twice on some paths.
> 
> Chris Wright's patch addressed this in the most elegant way I think,
> by adding vfs_ioctl.
> 
> Accordingly, this change:
> 
> @@ -468,6 +496,11 @@ asmlinkage long compat_sys_ioctl(unsigne
>  
>   found_handler:
>  	if (t->handler) {
> +		/* RED-PEN how should LSM module know it's handling 32bit? */
> +		error = security_file_ioctl(filp, cmd, arg);
> +		if (error)
> +			goto out_fput;
> +
>  		lock_kernel();
>  		error = t->handler(fd, cmd, arg, filp);
>  		unlock_kernel();
> 
>  from Andy's "some fixes" patch wont be needed.
> 
> Chris - are you planning to update your patch to -rc1-mm2?
> I'd like to see this addressed, after this I believe logically
> we'll get everything right, then I have a couple of small
> cosmetic patches, and I believe we'll be set.

Yes, Andrew asked me to wait until mm2 came out, so I'll rediff and send
shortly.

thanks,
-chris
-- 
Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/