lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20081014205233.1057.45494.stgit@paris.rdu.redhat.com>
Date:	Tue, 14 Oct 2008 16:52:33 -0400
From:	Eric Paris <eparis@...hat.com>
To:	linux-kernel@...r.kernel.org, malware-list@...ts.printk.net
Cc:	viro@...IV.linux.org.uk, alan@...rguk.ukuu.org.uk,
	arjan@...radead.org, greg@...ah.com, tytso@....edu
Subject: [PATCH -v2 12/16] fanotify: user interface for access decisions

turns out that access decisions are useless if there is no way to do
anything about them.  So we add an interface.  Alan will hate it, but at
least it works...

Signed-off-by: Eric Paris <eparis@...hat.com>
---

 include/linux/fanotify.h   |    7 +++++++
 net/fanotify/af_fanotify.c |   11 ++++++++++-
 2 files changed, 17 insertions(+), 1 deletions(-)

diff --git a/include/linux/fanotify.h b/include/linux/fanotify.h
index 07b8e77..b5c9db9 100644
--- a/include/linux/fanotify.h
+++ b/include/linux/fanotify.h
@@ -81,8 +81,15 @@ struct fanotify_so_fastpath {
 	uint32_t mask;
 };
 
+/* struct used for FANOTIFY_SEND_RESPONSE */
+struct fanotify_so_access {
+	uint64_t cookie;
+	uint32_t response;
+};
+
 /* fanotify setsockopt optvals */
 #define FANOTIFY_SET_FASTPATH	1
+#define FANOTIFY_SEND_RESPONSE	2
 
 #ifdef __KERNEL__
 
diff --git a/net/fanotify/af_fanotify.c b/net/fanotify/af_fanotify.c
index a7d3b96..89099ab 100644
--- a/net/fanotify/af_fanotify.c
+++ b/net/fanotify/af_fanotify.c
@@ -164,6 +164,7 @@ static int fan_setsockopt(struct socket *sock, int level, int optname, char __us
 	struct fanotify_sock *fan_sock;
 	struct fanotify_group *group;
 	struct fanotify_so_fastpath fp_data;
+	struct fanotify_so_access access_data;
 	int ret = 0;
 
 	if (sock->state != SS_CONNECTED)
@@ -179,7 +180,15 @@ static int fan_setsockopt(struct socket *sock, int level, int optname, char __us
 		ret = copy_from_user(&fp_data, optval, sizeof(struct fanotify_so_fastpath));
 		if (ret)
 			return ret;
-		fanotify_fastpath_add(group, fp_data.fd, fp_data.mask);
+		ret = fanotify_fastpath_add(group, fp_data.fd, fp_data.mask);
+		break;
+	case FANOTIFY_SEND_RESPONSE:
+		if (optlen < sizeof(struct fanotify_so_access))
+			return -ENOMEM;
+		ret = copy_from_user(&access_data, optval, sizeof(struct fanotify_so_access));
+		if (ret)
+			return ret;
+		ret = fanotify_process_access_response(group, access_data.cookie, access_data.response);
 		break;
 	default:
 		return -ENOPROTOOPT;

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ