[PATCH] Remove use of nameidata by selinux_inode_permission

From: Stephen Smalley
Date: Fri Dec 19 2003 - 11:20:20 EST


This patch against 2.6.0 removes the use of nameidata by
selinux_inode_permission, as this appears to be unsafe in certain cases
(e.g. path_walk call from rpc_lookup_parent), leading to an Oops if
d_path is subsequently called by avc_audit on the (mnt,dentry) pair to
generate a pathname for an audit message. The change does not affect
the ability of SELinux to perform its permission check (which only
requires the inode), only the set of information that is available for
audit messages. We'll investigate better approaches for the SELinux
audit generation in the future. Please apply, or let me know if you
would like me to resubmit later.

security/selinux/hooks.c | 4 ----
1 files changed, 4 deletions(-)

--- linux-2.6.0/security/selinux/hooks.c 2003-12-17 21:59:41.000000000 -0500
+++ linux-2.6.0-respin/security/selinux/hooks.c 2003-12-19 10:42:20.000000000 -0500
@@ -1738,10 +1738,6 @@
return 0;
}

- if (nd && nd->dentry)
- return dentry_has_perm(current, nd->mnt, nd->dentry,
- file_mask_to_av(inode->i_mode, mask));
-
return inode_has_perm(current, inode,
file_mask_to_av(inode->i_mode, mask), NULL, NULL);
}




--
Stephen Smalley <sds@xxxxxxxxxxxxxx>
National Security Agency

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/