Re: [PATCH] Add user taint flag
From: Randy.Dunlap
Date: Mon May 22 2006 - 11:45:24 EST
On Sun, 21 May 2006 19:04:32 -0400 Theodore Ts'o wrote:
>
> Allow taint flags to be set from userspace by writing to
> /proc/sys/kernel/tainted, and add a new taint flag, TAINT_USER, to be
> used when userspace is potentially doing something naughty that might
> compromise the kernel. This will allow support personnel to ask further
> questions about what may have caused the user taint flag to have been
> set. (For example, by examining the logs of the JVM to determine what
> evil things might have been lurking in the hearts of Java programs. :-)
>
> Signed-off-by: "Theodore Ts'o" <tytso@xxxxxxx>
>
>
> Index: linux-2.6/kernel/sysctl.c
> ===================================================================
> --- linux-2.6.orig/kernel/sysctl.c 2006-03-25 21:26:38.000000000 -0500
> +++ linux-2.6/kernel/sysctl.c 2006-05-21 19:00:15.000000000 -0400
> @@ -1835,6 +1835,23 @@
> do_proc_dointvec_bset_conv,&op);
> }
>
> +/*
> + * Taint values can only be increased
> + */
> +int proc_dointvec_taint(ctl_table *table, int write, struct file *filp,
> + void __user *buffer, size_t *lenp, loff_t *ppos)
> +{
> + int op;
> +
> + if (!capable(CAP_SYS_ADMIN)) {
> + return -EPERM;
> + }
no braces.
> +
> + op = OP_OR;
> + return do_proc_dointvec(table,write,filp,buffer,lenp,ppos,
> + do_proc_dointvec_bset_conv,&op);
find/use that spacebar (after commas).
> +}
> +
> struct do_proc_dointvec_minmax_conv_param {
> int *min;
> int *max;
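Review bot: the capable(CAP_SYS_ADMIN) test at the top of proc_dointvec_taint() ignores the write argument, so a read of this sysctl by a task without that capability returns -EPERM as well. If only setting taint bits is meant to be privileged, make the test `if (write && !capable(CAP_SYS_ADMIN))` so that reads still work. The comment "Taint values can only be increased" would also be more precise if it said that written bits are ORed into the current value (OP_OR), meaning flags can be set but never cleared.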
---
~Randy