Quoting Stephen Smalley ([email protected]):
> On Tue, 2006-03-28 at 07:05 -0600, Serge E. Hallyn wrote:
> > The security_key_alloc() function acted as both an authorizer and
> > security structure allocation function. These roles should be
> > separated. There are two reasons for this.
> >
> > First, if two modules are stacked, the first module might grant
> > permission and allocate security data, after which the second
> > module refuses permission.
> >
> > Second, by adding a security_post_alloc() function after the
> > serial number has been assigned, security modules can append
> > useful info.
>
> Are you sure that the key cannot be accessed (looked up) by another
> process as soon as it is assigned a serial number? If it can be, then
> you risk having it accessed before its security structure is set up.
Ah, that makes sense, and even rings a bell.
So if we were to add a post_alloc() hook, it should likely go into
key_alloc_serial() under the key_serial_lock?
Still assuming that storing the serial number is desirable...
thanks,
-serge
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
