linux-kernel.vger.kernel.org archive mirror
From: Alan Cox <alan@lxorguk.ukuu.org.uk>
To: Valdis.Kletnieks@vt.edu
Cc: Christoph Hellwig <hch@infradead.org>,
	linux-kernel@vger.kernel.org, linux-security-module@wirex.com
Subject: Re: [RFC] LSM changes for 2.5.38
Date: 30 Sep 2002 15:51:11 +0100
Message-ID: <1033397471.16947.7.camel@irongate.swansea.linux.org.uk>
In-Reply-To: <200209301419.g8UEJI6E001699@turing-police.cc.vt.edu>

On Mon, 2002-09-30 at 15:19, Valdis.Kletnieks@vt.edu wrote:
> On Fri, 27 Sep 2002 19:59:19 BST, Christoph Hellwig said:
> 
> > insmod doesn't require modules to be in /lib/modules.
> 
> This would probably be closed by this code in sys_create_module():
> 
>         /* check that we have permission to do this */
>         error = security_ops->module_ops->create_module(name, size);
>         if (error)
>                 goto err1;

This is part of the problem as ever. The name that is used is
meaningless. The module loader needs to make meaningful decisions. That
really means it needs to be able to see the actual loaded module. If we
go to Rusty's kernel module loader then we can fix this because we can
pass the actual module code/data block and sizes to the LSM. At that
point the LSM can do meaningful things like GPG.

In the current form you can say that module creation can only be done by
the right kind of user, and the program "insmod", but even in this case
the module name fed to the LSM seems worthless.
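
Added example, not part of the original message or of any kernel code: a user-space C sketch contrasting a hook that sees only a name and size, as in the quoted `create_module(name, size)` call, with one that is handed the module bytes. `hook_by_name`, `hook_by_image`, the name "e100", the sample images and the FNV-1a stand-in digest are all assumptions made for illustration; a real policy would verify a signature or a cryptographic digest over the same bytes.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample "module images": same length, one differing byte. */
static const unsigned char trusted_img[]  = "constructed module image, build A";
static const unsigned char tampered_img[] = "constructed module image, build B";

/* Stand-in digest (64-bit FNV-1a). Not cryptographic: a real policy would
 * verify a signature or a SHA-256 digest over the same bytes. */
static uint64_t image_digest(const unsigned char *img, size_t len)
{
    uint64_t h = 0xcbf29ce484222325ULL;
    for (size_t i = 0; i < len; i++) {
        h ^= img[i];
        h *= 0x100000001b3ULL;
    }
    return h;
}

/* Shaped like the quoted create_module(name, size) hook: it sees only a
 * caller-chosen label and a length. "e100" is a constructed allowed name. */
static int hook_by_name(const char *name, size_t size)
{
    (void)size;
    return strcmp(name, "e100") == 0 ? 0 : -EPERM;
}

/* Hypothetical hook that is handed the module block itself and compares
 * its digest with a value enrolled out of band. */
static int hook_by_image(const unsigned char *img, size_t len, uint64_t enrolled)
{
    return image_digest(img, len) == enrolled ? 0 : -EPERM;
}

int main(void)
{
    uint64_t enrolled = image_digest(trusted_img, sizeof trusted_img);

    printf("name hook,  tampered image: %d\n",
           hook_by_name("e100", sizeof tampered_img));
    printf("image hook, tampered image: %d\n",
           hook_by_image(tampered_img, sizeof tampered_img, enrolled));
    printf("image hook, trusted image:  %d\n",
           hook_by_image(trusted_img, sizeof trusted_img, enrolled));
    return 0;
}
```

The name-based hook returns 0 for the altered image because the label and size are unchanged, while the image-based hook returns -EPERM for it and 0 for the enrolled one.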


