lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 19 Nov 2007 08:36:12 -0500 From: Paul Moore <paul.moore@...com> To: Tetsuo Handa <penguin-kernel@...ove.sakura.ne.jp> Cc: akpm@...ux-foundation.org, linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org, takedakn@...data.co.jp Subject: Re: [TOMOYO #5 18/18] LSM expansion for TOMOYO Linux. On Saturday 17 November 2007 11:00:20 pm Tetsuo Handa wrote: > Hello. Hello. > Paul Moore wrote: > > Okay, well if that is the case I think you are going to have another > > problem in that you could end up throwing away skbs that haven't been > > through your security_post_recv_datagram() hook because you _always_ > > throw away the result of the second skb_peek(). Once again, if I'm wrong > > please correct me. > > I didn't understand what's wrong with throwing away the result of > the second skb_peek(). My concern is that you stated earlier that you needed to do the second skb_peek() because the first skb may have been removed from the socket queue while your LSM was making an access decision in security_post_recv_datagram(). If that is the case then the second call to skb_peek() will return a different skb then the one you passed to security_post_recv_datagram(). This is significant because you always throw away this second skb without first consulting the LSM via security_post_recv_datagram(). -- paul moore linux security @ hp - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists