[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20061214170229.d0f06a57.randy.dunlap@oracle.com>
Date: Thu, 14 Dec 2006 17:02:29 -0800
From: Randy Dunlap <randy.dunlap@...cle.com>
To: Zack Weinberg <zackw@...ix.com>
Cc: Stephen Smalley <sds@...ho.nsa.gov>, jmorris@...ei.org,
Chris Wright <chrisw@...s-sol.org>,
linux-kernel@...r.kernel.org
Subject: Re: [patch 2/4] permission mapping for sys_syslog operations
On Thu, 14 Dec 2006 16:16:41 -0800 Zack Weinberg wrote:
> As suggested by Stephen Smalley: map the various sys_syslog operations
> to a smaller set of privilege codes before calling security modules.
> This patch changes the security module interface! There should be no
> change in the actual security semantics enforced by dummy, capability,
> nor SELinux (with one exception, clearly marked in sys_syslog).
>
> Change from previous version of patch: the privilege codes are now
> in linux/security.h instead of linux/klog.h, and use the LSM_* naming
> convention used for other such constants in that file.
>
>
> Index: linux-2.6/kernel/printk.c
> ===================================================================
> --- linux-2.6.orig/kernel/printk.c 2006-12-13 16:06:22.000000000 -0800
> +++ linux-2.6/kernel/printk.c 2006-12-13 16:08:30.000000000 -0800
> @@ -164,6 +164,12 @@
>
> __setup("log_buf_len=", log_buf_len_setup);
>
> +#define security_syslog_or_fail(type) do { \
> + int error = security_syslog(type); \
> + if (error) \
> + return error; \
> + } while (0)
> +
>From Documentation/CodingStyle:
Things to avoid when using macros:
1) macros that affect control flow: ...
> /* See linux/klog.h for the command numbers passed as the first argument. */
> int do_syslog(int type, char __user *buf, int len)
> {
> @@ -172,16 +178,15 @@
> char c;
> int error = 0;
>
> - error = security_syslog(type);
> - if (error)
> - return error;
> -
> switch (type) {
> case KLOG_CLOSE:
> + security_syslog_or_fail(LSM_KLOG_READ);
> break;
> case KLOG_OPEN:
> + security_syslog_or_fail(LSM_KLOG_READ);
> break;
> case KLOG_READ:
> + security_syslog_or_fail(LSM_KLOG_READ);
> error = -EINVAL;
> if (!buf || len < 0)
> goto out;
> @@ -213,9 +218,11 @@
> error = i;
> break;
> case KLOG_READ_CLEAR_HIST:
> + security_syslog_or_fail(LSM_KLOG_CLEARHIST);
> do_clear = 1;
> /* FALL THRU */
> case KLOG_READ_HIST:
> + security_syslog_or_fail(LSM_KLOG_READHIST);
> error = -EINVAL;
> if (!buf || len < 0)
> goto out;
> @@ -269,15 +276,19 @@
> }
> break;
> case KLOG_CLEAR_HIST:
> + security_syslog_or_fail(LSM_KLOG_CLEARHIST);
> logged_chars = 0;
> break;
> case KLOG_DISABLE_CONSOLE:
> + security_syslog_or_fail(LSM_KLOG_CONSOLE);
> console_loglevel = minimum_console_loglevel;
> break;
> case KLOG_ENABLE_CONSOLE:
> + security_syslog_or_fail(LSM_KLOG_CONSOLE);
> console_loglevel = default_console_loglevel;
> break;
> case KLOG_SET_CONSOLE_LVL:
> + security_syslog_or_fail(LSM_KLOG_CONSOLE);
> error = -EINVAL;
> if (len < 1 || len > 8)
> goto out;
> @@ -287,9 +298,18 @@
> error = 0;
> break;
> case KLOG_GET_UNREAD:
> + security_syslog_or_fail(LSM_KLOG_READ);
> error = log_end - log_start;
> break;
---
~Randy
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists