Dear,
I'm a newbie with the Linux kernel. I'm doing a project related to the Linux Security Module. I'm using a static analysis tool called Blast to verify the correctness of the LSM. I've read some materials which talk about the controlled operations concept, LSM authorization hook placement, etc. My approach identifies controlled operations of the controlled objects that are accessed prior to authorization.

Basically, it's somewhat clear, but actually, I have a problem identifying some of the controlled operations that are implemented for some kernel objects. Specifically, I would say that it's not difficult to identify controlled operations (CO) for objects such as file and inode. However, I got confused trying to identify them for other objects such as tasks, sockets, IPC messages, etc. Please have a look at the following code:

    /**
     * source code: fs/namei.c
     * linux kernel ver 2.6.11.5
     **/
    int vfs_create(struct inode *dir, struct dentry *dentry, int mode, struct nameidata *nd)
    {
        int error = may_create(dir, dentry, nd);

        if (error)
            return error;

        if (!dir->i_op || !dir->i_op->create)
            return -EACCES; /* shouldn't it be ENOSYS? */
        mode &= S_IALLUGO;
        mode |= S_IFREG;
        error = security_inode_create(dir, dentry, mode); // hook function
        if (error)
            return error;
        DQUOT_INIT(dir);
        error = dir->i_op->create(dir, dentry, mode, nd); // mediated function
        if (!error) {
            inode_dir_notify(dir, DN_CREATE);
            security_inode_post_create(dir, dentry, mode);
        }
        return error;
    }

As mentioned above, the controlled operations are mostly called through a function pointer. In this example, it's the "create()" one. However, it's no longer clear which other operations are actually implemented for other objects. Please see another piece of code.

    /* include/linux/security.h */
    /*
     * @security_task_setpgid:
     *  Check permission before setting the process group identifier of the
     *  process @p to @pgid.
     *  @p contains the task_struct for process being modified.
     *  @pgid contains the new pgid.
     *  Return 0 if permission is granted.
     */

    /* kernel/sys.c */
    asmlinkage long sys_setpgid(pid_t pid, pid_t pgid)
    {
        struct task_struct *p;
        // some code is removed for simplicity
    ok_pgid: // jump to a label
        err = security_task_setpgid(p, pgid);
        if (err)
            goto out;
        if (process_group(p) != pgid) { // here maybe an operation
            detach_pid(p, PIDTYPE_PGID); // here also an operation
            p->signal->pgrp = pgid;
            attach_pid(p, PIDTYPE_PGID, pgid); // here also another operation
        }
        err = 0;
    out: // jump to another label
        // some code here
        return err;
    }

In the code given above, I have just added some comments where the operations might be. I'm not sure, so I'd like you to give me some advice or a solution to identify them correctly, or some internet addresses related to this problem. Any ideas will be highly appreciated :) :-) :-)

Thank you in advance, and I look forward to hearing from you.
--
Duong H. Uong
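
Added example, not part of the original message and not code from Blast or the kernel: a purely lexical Python sketch that lists candidate controlled operations on an object pointer in the quoted sys_setpgid excerpt and flags any that appear textually before a security_* hook call. The heuristic (a write through the pointer, or a call that receives it, counts as a candidate), the function names, and the MISPLACED sample are assumptions made for illustration; control flow such as goto is ignored.

```python
import re

# Excerpt of sys_setpgid as quoted in the post; the elided parts are left out.
SYS_SETPGID = """\
err = security_task_setpgid(p, pgid);
if (err)
    goto out;
if (process_group(p) != pgid) {
    detach_pid(p, PIDTYPE_PGID);
    p->signal->pgrp = pgid;
    attach_pid(p, PIDTYPE_PGID, pgid);
}
err = 0;
"""
# Constructed variant, not kernel code: the field write is moved ahead of the hook.
MISPLACED = """\
p->signal->pgrp = pgid;
err = security_task_setpgid(p, pgid);
if (err)
    goto out;
"""
HOOK = re.compile(r"\bsecurity_\w+\s*\(")
CALL = re.compile(r"\b(\w+)\s*\(([^()]*)\)")
KEYWORDS = {"if", "while", "for", "switch", "return", "sizeof"}

def candidate_operations(body, obj):
    """List (line, kind, name, before_hook) for statements that touch `obj`."""
    name = re.escape(obj)
    # Assignment (plain or compound) to a member reached through obj->...
    write = re.compile(r"\b" + name + r"\s*->\s*((?:\w+\s*(?:->|\.)\s*)*\w+)"
                       r"\s*(?:[-+*/%|&^]|<<|>>)?=(?!=)")
    uses_obj = re.compile(r"\b" + name + r"\b")
    ops, hook_seen = [], False
    for no, line in enumerate(body.splitlines(), 1):
        code = line.split("//")[0]          # drop trailing // comments
        if HOOK.search(code):
            hook_seen = True                # lines below count as mediated
            continue
        for m in write.finditer(code):
            ops.append((no, "write", m.group(1), not hook_seen))
        for m in CALL.finditer(code):
            if m.group(1) not in KEYWORDS and uses_obj.search(m.group(2)):
                ops.append((no, "call", m.group(1), not hook_seen))
    return ops

def unmediated(body, obj):
    """Candidate operations that appear textually before any LSM hook call."""
    return [op for op in candidate_operations(body, obj) if op[3]]

if __name__ == "__main__":
    print(candidate_operations(SYS_SETPGID, "p"))
    print("flagged:", unmediated(MISPLACED, "p"))
```

Whether each listed candidate is a controlled operation in the LSM sense still has to be decided by hand; the script only narrows down where to look.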