Re: [RFC v2 00/10] snet: Security for NETwork syscalls

From: Samir Bellabes
Date: Sat Mar 06 2010 - 13:40:38 EST


Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx> writes:

> Regarding [RFC v2 02/10] Revert "lsm: Remove the socket_post_accept() hook"
> @@ -1538,6 +1538,8 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr,
> fd_install(newfd, newfile);
> err = newfd;
>
> + security_socket_post_accept(sock, newsock);
> +
> out_put:
> fput_light(sock->file, fput_needed);
> out:
>
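
Review bot: security_socket_post_accept(sock, newsock) is placed after fd_install(newfd, newfile), so newfd is already visible in the descriptor table when the hook runs, and a thread sharing that table can operate on the socket before the security module has updated its state for newsock. Calling the hook before fd_install() closes that window. The call's result is also unused here, so the hook cannot fail the accept at this point; if it is meant to be purely a notification, a comment next to the call saying so would help.
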
> Please move security_socket_post_accept() to before fd_install().
> Otherwise, other threads which share fd tables can use
> security-information-not-yet-updated accept()ed sockets.

Tetsuo, what about this patch?