Re: [PATCH] SELinux: Add security hook definition for getioprioand insert hooks
From: Stephen Smalley
Date: Fri Jun 30 2006 - 15:58:39 EST
On Fri, 2006-06-30 at 14:37 -0500, Serge E. Hallyn wrote:
> Quoting James Morris (jmorris@xxxxxxxxx):
> ...
> > +static int get_task_ioprio(struct task_struct *p)
> > +{
> > + int ret;
> > +
> > + ret = security_task_getioprio(p);
> > + if (ret)
> > + goto out;
> > + ret = p->ioprio;
> > +out:
> > + return ret;
> > +}
> ...
> > do_each_task_pid(who, PIDTYPE_PGID, p) {
> > + tmpio = get_task_ioprio(p);
> > + if (tmpio < 0)
> > + continue;
> > if (ret == -ESRCH)
> > - ret = p->ioprio;
> > + ret = tmpio;
> > else
> > - ret = ioprio_best(ret, p->ioprio);
> > + ret = ioprio_best(ret, tmpio);
> ...
> > + * @task_getioprio
> > + * Check permission before getting the ioprio value of @p.
> > + * @p contains the task_struct of process.
> > + * Return 0 if permission is granted.
>
> A return value >0 is a problem here but isn't mentioned. the
> get_task_ioprio() helper will return the the security_task_getioprio()
> return value in htat case, but the do_each_task_pid loop will take it
> as a valid return value.
True, but that isn't limited to that hook - think what happens if
inode_permission returns an arbitrary positive integer.
--
Stephen Smalley
National Security Agency
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/