lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20070825110825.GB5850@ucw.cz>
Date:	Sat, 25 Aug 2007 11:08:26 +0000
From:	Pavel Machek <pavel@....cz>
To:	Kentaro Takeda <k.takeda26@...il.com>
Cc:	linux-kernel@...r.kernel.org,
	linux-security-module@...r.kernel.org, chrisw@...s-sol.org
Subject: Re: [TOMOYO 14/15] Conditional permission support.

Hi!

> This patch allows administrators use conditional permission.
> TOMOYO Linux supports conditional permission based on
> process's UID,GID etc. and/or requested pathname's UID/GID.
> 
> Signed-off-by: Kentaro Takeda <takedakn@...data.co.jp>
> Signed-off-by: Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>

> + * Since the trailing spaces are removed by tmy_normalize_line(),
> + * the last "\040if\040" sequence corresponds to condition part.
> + */
> +char *tmy_find_condition_part(char *data)
> +{
> +	char *cp = strstr(data, " if ");
> +	if (cp) {
> +		char *cp2;
> +		while ((cp2 = strstr(cp + 3, " if ")) != NULL)
> +			cp = cp2;
> +		*cp++ = '\0';
> +	}
> +	return cp;
> +}
...

> +	unsigned long left_min = 0;
> +	unsigned long left_max = 0;
> +	unsigned long right_min = 0;
> +	unsigned long right_max = 0;
> +	if (strncmp(condition, "if ", 3))
> +		return NULL;
> +	condition += 3;
> +	start = condition;
> +	while (*condition) {
> +		if (*condition == ' ')
> +			condition++;
> +		for (left = 0; left < MAX_KEYWORD; left++) {
> +			if (strncmp(condition, cc_keyword[left].keyword,
> +				    cc_keyword[left].keyword_len))
> +				continue;
> +			condition += cc_keyword[left].keyword_len;
> +			break;
> +		}
> +		if (left == MAX_KEYWORD) {
> +			if (!tmy_parse_ulong(&left_min, &condition))
> +				goto out;
> +			counter++; /* body */
> +			if (*condition != '-')
> +				goto not_range1;
> +			condition++;
> +			if (!tmy_parse_ulong(&left_max, &condition)
> +			    || left_min > left_max)
> +				goto out;
> +			counter++; /* body */
> +not_range1: ;
> +		}
> +		if (strncmp(condition, "!=", 2) == 0)
> +			condition += 2;
> +		else if (*condition == '=')
> +			condition++;
> +		else
> +			goto out;
> +		counter++; /* header */
> +		for (right = 0; right < MAX_KEYWORD; right++) {
> +			if (strncmp(condition, cc_keyword[right].keyword,
> +				    cc_keyword[right].keyword_len))
> +				continue;
> +			condition += cc_keyword[right].keyword_len;
> +			break;
> +		}

What is that? Language parser in kernel?

							Pavel
-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ