[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20100721.114509.37203355.davem@davemloft.net>
Date: Wed, 21 Jul 2010 11:45:09 -0700 (PDT)
From: David Miller <davem@...emloft.net>
To: penguin-kernel@...ove.SAKURA.ne.jp
Cc: kuznet@....inr.ac.ru, pekkas@...core.fi, jmorris@...ei.org,
yoshfuji@...ux-ipv6.org, kaber@...sh.net, paul.moore@...com,
netdev@...r.kernel.org, linux-security-module@...r.kernel.org
Subject: Re: [PATCH] LSM: Add post recvmsg() hook.
From: Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>
Date: Sat, 17 Jul 2010 10:17:10 +0900
> NETWORKING [IPv4/IPv6] maintainers and Paul, is below patch fine for you?
Unfortunately, after further consideration, I must reject this patch
and also the post accept() LSM hook one.
Sorry.
I looked into history of the discussions on this issue, and I have found
that the core issue with these hooks has not been addressed.
We must ensure that if:
1) Application makes poll() on UDP socket in blocking mode, and UDP
reports that receive data is available
and
2) Application, after such a poll() call, makes a blocking recvmsg() call
and no other activity has occurred on the socket meanwhile
Then we MUST return immediately with that available data.
This LSM hook, when it triggers, can violate this rule, even if you do
this looping thing.
The post accept() hook has the same problems.
Here is where we originally discussed this, in detail:
http://www.spinics.net/lists/netdev/msg95660.html
Therefore, I think this shows that what Tomoyo is trying to do is
fatally flawed. We brought this fundamental issue up to you about a
year ago, and the issue is still not addressed.
So consider very seriously, that what you are trying to do cannot be
performed without breaking applications and API behavioral
expectations.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists