| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 12 Apr 2007 11:12:37 +0100 From: Al Viro <viro@....linux.org.uk> To: jjohansen@...e.de Cc: linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org, linux-fsdevel@...r.kernel.org, chrisw@...s-sol.org, Tony Jones <tonyj@...e.de>, Andreas Gruenbacher <agruen@...e.de> Subject: Re: [AppArmor 01/41] Pass struct vfsmount to the inode_create LSM hook On Thu, Apr 12, 2007 at 02:08:10AM -0700, jjohansen@...e.de wrote: > This is needed for computing pathnames in the AppArmor LSM. Which is an argument against said LSM in current form. > - error = security_inode_create(dir, dentry, mode); > + error = security_inode_create(dir, dentry, nd ? nd->mnt : NULL, mode); is a clear sign that interface is wrong. Leaving aside the general idiocy of "we prohibit to do something with file if mounted here, but if there's another mountpoint, well, we just miss", an API of that kind is just plain wrong. Either you can live without seeing vfsmount in that method (in which case you shouldn't pass it at all), or you have a hole. NACK. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists