Re: [PATCH 1/9] Unionfs: security convert lsm into a static interface fix

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

From: Erez Zadok

Subject: Re: [PATCH 1/9] Unionfs: security convert lsm into a static interface fix

Date: Monday, October 22, 2007 - 5:48 pm

In message <20071022082231.GA15132@infradead.org>, Christoph Hellwig writes:
quoted text> On Sun, Oct 21, 2007 at 07:51:14PM -0400, Erez Zadok wrote:
> > From: Andrew Morton <akpm@linux-foundation.org>
> > 
> > ERROR: "security_inode_permission" [fs/unionfs/unionfs.ko] undefined!
> > ERROR: "security_file_ioctl" [fs/unionfs/unionfs.ko] undefined!
> > 
> > Need these back.
> 
> These should never used by modules.

Why?  Are you concerned that the security policy may change after a module
is loaded?  My understanding of the security code is that it should handle
this, even if people call security_*() functions directly.  When I look at
the security_* functions in security.c, to me they very much smell like
global wrappers that others can call, b/c they refer to private/global ops
vectors that one should not be referencing directly.  For example:

int security_file_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
{
	return security_ops->file_ioctl(file, cmd, arg);
}

quoted text> You'll need to use and/or introduce
> vfs_ helpers that do proper security checks before calling the methods.

I can probably get rid of having unionfs call security_inode_permission, by
calling permission() myself and carefully post-process its return code
(unionfs needs to "ignore" EROFS initially, to allow copyup to take place).

But security_file_ioctl doesn't have any existing helper I can call.  I can
introduce a trivial vfs_security_file_ioctl wrapper to security_file_ioctl,
but what about the already existing *19* exported security_* functions in
security/security.c?  Do you want to see simple wrappers for all of them?
It seems redundant to add a one-line wrapper around an already one-line
function around security_ops->XXX.  Plus, some of the existing exported
security_* functions are file-system related, others are networking, etc.  So
we'll need wrappers whose names are prefixed appropriately: vfs_*, net_*,
etc.

Thanks,
Erez.
-
unsubscribe noticeTo unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

[GIT PULL -mm] 0/9 Unionfs updates/cleanups/fixes, Erez Zadok, (Sun Oct 21, 4:51 pm)

[PATCH 1/9] Unionfs: security convert lsm into a static in ..., Erez Zadok, (Sun Oct 21, 4:51 pm)

[PATCH 2/9] Unionfs: slab api remove useless ctor paramete ..., Erez Zadok, (Sun Oct 21, 4:51 pm)

[PATCH 3/9] Unionfs: support lower filesystems without wri ..., Erez Zadok, (Sun Oct 21, 4:51 pm)

[PATCH 4/9] Unionfs: don't printk trivial message upon nor ..., Erez Zadok, (Sun Oct 21, 4:51 pm)

[PATCH 5/9] Unionfs: don't bother validating dentry if it ..., Erez Zadok, (Sun Oct 21, 4:51 pm)

[PATCH 6/9] Unionfs: convert a printk to pr_debug in release, Erez Zadok, (Sun Oct 21, 4:51 pm)

[PATCH 7/9] Unionfs: remove for_writepages nfs workaround, Erez Zadok, (Sun Oct 21, 4:51 pm)

[PATCH 8/9] Unionfs: fix unionfs_setattr to handle ATTR_KI ..., Erez Zadok, (Sun Oct 21, 4:51 pm)

[PATCH 9/9] Unionfs: remove obsolete #define and comment, Erez Zadok, (Sun Oct 21, 4:51 pm)

Re: [PATCH 1/9] Unionfs: security convert lsm into a stati ..., Christoph Hellwig, (Mon Oct 22, 1:22 am)

Re: [PATCH 1/9] Unionfs: security convert lsm into a stati ..., Erez Zadok, (Mon Oct 22, 5:48 pm)

Re: [PATCH 1/9] Unionfs: security convert lsm into a stati ..., Christoph Hellwig, (Tue Oct 23, 2:07 am)

Re: [PATCH 1/9] Unionfs: security convert lsm into a stati ..., Erez Zadok, (Sat Oct 27, 4:01 pm)


linux-kernel:
Michael Trimarchi	Re: [PATCH] VFS: make file->f_pos access atomic on 32bit arch
Miklos Szeredi	[patch 14/15] vfs: more path_permission() conversions
Serge E. Hallyn	Re: [RFC v5][PATCH 7/8] Infrastructure for shared objects
Bernd Schmidt	Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
Takashi Iwai	[PATCH 2/2] input: Add LED support to Synaptics device
git:
Junio C Hamano	Re: mingw, windows, crlf/lf, and git
Eyvind Bernhardsen	Re: Where has "git ls-remote" reference pattern matching gone?
Shawn O. Pearce	Re: Switching from CVS to GIT
Todd Zullinger	Re: [PATCH 2/2] send-email: rfc2047-quote subject lines with non-ascii characters
Santi Béjar	Re: How to use git-fmt-merge-msg?
linux-netdev:
Ramkrishna Vepa	[net-2.6 PATCH 1/10] Neterion: New driver: Driver help file
Mark Anthony	invitation / inquiry
Ingo Molnar	Re: [PATCH 08/16] dma-debug: add core checking functions
David Miller	Re: [PATCH 1/3] f_phonet: dev_kfree_skb instead of dev_kfree_skb_any in TX callback
Sascha Hauer	[PATCH 03/12] fec: do not typedef struct types
git-commits-head:
Linux Kernel Mailing List	amba: struct device - replace bus_id with dev_name(), dev_set_name()
Linux Kernel Mailing List	MIPS: Yosemite: Convert SMP startup lock to arch spinlock.
Linux Kernel Mailing List	ARM: S5PC100: IRQ and timer
Linux Kernel Mailing List	davinci: edma: clear interrupt status for interrupt enabled channels only
Linux Kernel Mailing List	x86, mm, kprobes: fault.c, simplify notify_page_fault()
openbsd-misc:
Daniel A. Ramaley	Re: [semi-OT] Can anyone recommend an OpenBSD-compatible colour laser printer?
Matthias Kilian	Re: can't get vesa @ 1280x800 or nv
Tobias Ulmer	Re: Problem after upgrade 4.5 to 4.6: ERR M
Philip Guenther	Re: SIGCHLD and libpthread.so
J.C. Roberts	Re: [semi-OT] Can anyone recommend an OpenBSD-compatible colour laser printer?