Message-Id: <200911190704.CHI18293.VJOMHFtOLQSOFF@I-love.SAKURA.ne.jp>
Date:	Thu, 19 Nov 2009 07:04:19 +0900
From:	Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>
To:	ebiederm@...ssion.com
Cc:	linux-kernel@...r.kernel.org
Subject: Re: [PATCH 00/23] Removal of binary sysctl support

Hello.

Eric W. Biederman wrote:
> Tetsuo Handa writes:
> 
> > Eric W. Biederman wrote:
> >> There has been a gradual transition from the assumption that the table ends with
> >> !ctl_name to the assumption that procname == NULL.  There is no sysctl entry
> >> with a valid ctl_name without a valid procname.
> >
> > I see. Then, please add the one below to your patchset.
> 
> I have been looking at this and in the sysctl tree I am now going through
> the vfs for all of the operations on /proc/sys.  I believe that means
> we can completely remove the sysctl special case in tomoyo.  Like I have
> in the patch below.
> 
> Will that work?
> 
> Eric

If you remove sysctl(2) from the kernel and let userland libraries emulate

	static int name[] = { CTL_NET, NET_IPV4, NET_IPV4_LOCAL_PORT_RANGE };
	int buffer[2] = { 0, 0 };
	size_t size = sizeof(buffer);	/* sysctl(2) takes a size_t *oldlenp */
	sysctl(name, 3, buffer, &size, NULL, 0);

like

	FILE *fp = fopen("/proc/sys/net/ipv4/ip_local_port_range", "r");
	int buffer[2] = { 0, 0 };
	if (fp) {	/* the open can fail or be denied */
		fscanf(fp, "%d %d", &buffer[0], &buffer[1]);	/* %d matches int */
		fclose(fp);
	}

or you modify sysctl(2) to call security_dentry_open() rather than
security_sysctl(), we can completely remove the sysctl special case in tomoyo.

Regards.
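
A sketch of the userland emulation described in this message, added here as an example (it is not code from the thread or from any libc): a binary name vector is translated to a path and read through an ordinary file open, so the access reaches the kernel as a pathname open. The `ex_` names, the one-entry table and the numeric ids are assumptions constructed for illustration; they are not the kernel's `CTL_*` values.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-ins for the binary sysctl ids; not the kernel's values. */
enum { EX_CTL_NET = 1, EX_NET_IPV4 = 2, EX_LOCAL_PORT_RANGE = 3 };
/* Hypothetical translation table: name vector -> path below /proc/sys. */
struct ex_map { int name[3]; int nlen; const char *path; };
static const struct ex_map ex_table[] = {
	{ { EX_CTL_NET, EX_NET_IPV4, EX_LOCAL_PORT_RANGE }, 3, "net/ipv4/ip_local_port_range" },
};

/* Return the relative path for a name vector, or NULL if it is unknown. */
const char *ex_lookup(const int *name, int nlen)
{
	for (size_t i = 0; i < sizeof(ex_table) / sizeof(ex_table[0]); i++)
		if (ex_table[i].nlen == nlen &&
		    memcmp(ex_table[i].name, name, nlen * sizeof(int)) == 0)
			return ex_table[i].path;
	return NULL;
}

/* Read up to max ints from root/path (root is normally "/proc/sys"); -1 on error. */
int ex_sysctl_read(const char *root, const int *name, int nlen,
		   int *out, int max)
{
	char full[256];
	const char *rel = ex_lookup(name, nlen);
	int n = 0;
	FILE *fp;
	if (!rel || snprintf(full, sizeof(full), "%s/%s", root, rel) >= (int)sizeof(full))
		return -1;	/* unknown name vector or path too long */
	fp = fopen(full, "r");
	if (!fp)
		return -1;	/* file missing, or the open was denied */
	while (n < max && fscanf(fp, "%d", &out[n]) == 1)
		n++;
	fclose(fp);
	return n;
}

int main(void)
{
	int name[] = { EX_CTL_NET, EX_NET_IPV4, EX_LOCAL_PORT_RANGE }, v[2];
	if (ex_sysctl_read("/proc/sys", name, 3, v, 2) != 2)
		return EXIT_FAILURE;
	printf("%d %d\n", v[0], v[1]);
	return EXIT_SUCCESS;
}
```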