| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 06 May 2011 15:45:27 +0200
From: Samir Bellabes <sam@...ack.fr>
To: Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>
Cc: linux-security-module@...r.kernel.org, netdev@...r.kernel.org
Subject: Re: [RFC v3 01/10] lsm: add security_socket_closed()
Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp> writes:
> Samir Bellabes wrote:
>> Allow a module to update security informations when a socket is closed.
> Is security_inode_free() too late for doing it?
>
> static void ccs_inode_free_security(struct inode *inode)
> {
> if (inode->i_sb && inode->i_sb->s_magic == SOCKFS_MAGIC)
> ccs_update_socket_tag(inode, 0);
> }
this point won't be possible.
security_inode_free() is occuring too late :
static int sock_close(struct inode *inode, struct file *filp)
{
security_socket_close(SOCKET_I(inode));
... -> acces sock->sk infos in this hook
sock_release(SOCKET_I(inode));
{
sock->ops->release(sock);
{
int inet_release(struct socket *sock)
{
struct sock *sk = sock->sk;
if (sk) {
sock_rps_reset_flow(sk);
sock->sk = NULL;
sk->sk_prot->close(sk, timeout);
--> here sk infos are now removed
}
}
if (!sock->file) {
iput(SOCK_INODE(sock));
--> here we are removing the inode, so
security_inode_free is called now, but too late.
}
}
}
return 0;
}
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists