lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 07 Jan 2010 15:34:16 +0100
From:	Samir Bellabes <sam@...ack.fr>
To:	Patrick McHardy <kaber@...sh.net>
Cc:	linux-security-module@...r.kernel.org, jamal <hadi@...erus.ca>,
	Evgeniy Polyakov <zbr@...emap.net>,
	Neil Horman <nhorman@...driver.com>, netdev@...r.kernel.org,
	netfilter-devel@...r.kernel.org
Subject: Re: [RFC 4/9] snet: introduce snet_core.c and snet.h

Patrick McHardy <kaber@...sh.net> writes:

>> +unsigned int event_hash_size = 16;
>> +module_param(event_hash_size, uint, 0600);
>> +MODULE_PARM_DESC(event_hash_size, "Set the size of the event hash table");
>> +
>> +unsigned int verdict_hash_size = 16;
>> +module_param(verdict_hash_size, uint, 0600);
>> +MODULE_PARM_DESC(verdict_hash_size, "Set the size of the verdict hash table");
>
> I can't see anything handling size changes after initialization,
> so there should probably use 0400.

right, here is a patch

thanks Patrick,
sam

commit af9c2157ecb130c1d08bcbeb121e4f50b3e40ab0
Author: Samir Bellabes <sam@...ack.fr>
Date:   Tue Jan 5 17:58:42 2010 +0100

    snet: fixing permission of snet module's parameters
    
    the values of parameters are not changing after initialisation.
    So permissions should be 0400
    
    Noticed by Patrick McHardy <kaber@...sh.net>
    
    Signed-off-by: Samir Bellabes <sam@...ack.fr>

diff --git a/security/snet/snet_core.c b/security/snet/snet_core.c
index 6e2befc..bf55758 100644
--- a/security/snet/snet_core.c
+++ b/security/snet/snet_core.c
@@ -10,11 +10,11 @@
 #include "snet_utils.h"
 
 unsigned int snet_evh_size = 16;
-module_param(snet_evh_size, uint, 0600);
+module_param(snet_evh_size, uint, 0400);
 MODULE_PARM_DESC(snet_evh_size, "Set the size of the event hash table");
 
 unsigned int snet_vdh_size = 16;
-module_param(snet_vdh_size, uint, 0600);
+module_param(snet_vdh_size, uint, 0400);
 MODULE_PARM_DESC(snet_vdh_size, "Set the size of the verdict hash table");
 
 unsigned int snet_verdict_delay = 5;
@@ -22,7 +22,7 @@ module_param(snet_verdict_delay, uint, 0600);
 MODULE_PARM_DESC(snet_verdict_delay, "Set the timeout for verdicts in secs");
 
 unsigned int snet_verdict_policy = SNET_VERDICT_GRANT;	/* permissive by default */
-module_param(snet_verdict_policy, uint, 0600);
+module_param(snet_verdict_policy, uint, 0400);
 MODULE_PARM_DESC(snet_verdict_policy, "Set the default verdict");
 
 #ifdef CONFIG_SECURITY_SNET_DEBUG
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ