Re: [RFC] [PATCH] [2/6] LSM Stacking: Add stacker LSM
From: Jonathan Corbet
Date: Wed Nov 10 2004 - 12:45:18 EST
Without addressing the question of whether stacking modules makes sense
in the first place, I'd like to note a couple of things which caught my
eye:
> +static int stacker_register (const char *name, struct
> security_operations *ops)
> +{
> + /* This function is the primary reason for the stacker module.
> + Add the stacked module (as specified by name and ops)
> + according to the current ordering policy. */
> +
> + char *new_module_name;
> + struct module_entry *new_module_entry;
> + int namelen;
> +
> + num_stacked_modules++;
> [...]
> + return num_stacked_modules-1;
> +}
Unless I've missed it, you never check num_stacked_modules against
CONFIG_NUM_LSMS. If somebody loads too many modules, they risk
overflowing all of those void * security arrays you've added to so many
kernel data structures, and thus corrupting those structures. That, in
technical terms, would be a bummer.
In stacker_unregister(), you do:
> + num_stacked_modules--;
What happens if you unload anything other than the last module, then
load something else? When you return num_stacked_modules-1 to the new
module, you'll point it to a slot in those security arrays which is
already used by another module. The result seems unlikely to improve
security.
Unless I'm simply confused? It's happened before...
jon
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/