From: Paul Moore <paul.moore@hp.com>
To: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
Cc: akpm@linux-foundation.org, linux-kernel@vger.kernel.org,
linux-security-module@vger.kernel.org, takedakn@nttdata.co.jp
Subject: Re: [TOMOYO #5 18/18] LSM expansion for TOMOYO Linux.
Date: Mon, 19 Nov 2007 08:36:12 -0500 [thread overview]
Message-ID: <200711190836.12940.paul.moore@hp.com> (raw)
In-Reply-To: <200711181300.III52155.FtFQJOLSMOHOVF@I-love.SAKURA.ne.jp>
On Saturday 17 November 2007 11:00:20 pm Tetsuo Handa wrote:
> Hello.
Hello.
> Paul Moore wrote:
> > Okay, well if that is the case I think you are going to have another
> > problem in that you could end up throwing away skbs that haven't been
> > through your security_post_recv_datagram() hook because you _always_
> > throw away the result of the second skb_peek(). Once again, if I'm wrong
> > please correct me.
>
> I didn't understand what's wrong with throwing away the result of
> the second skb_peek().
My concern is that you stated earlier that you needed to do the second
skb_peek() because the first skb may have been removed from the socket queue
while your LSM was making an access decision in
security_post_recv_datagram(). If that is the case then the second call to
skb_peek() will return a different skb then the one you passed to
security_post_recv_datagram(). This is significant because you always throw
away this second skb without first consulting the LSM via
security_post_recv_datagram().
--
paul moore
linux security @ hp
next prev parent reply other threads:[~2007-11-19 13:36 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-11-16 17:34 [TOMOYO #5 00/18] TOMOYO Linux - MAC based on process invocation history penguin-kernel
2007-11-16 17:34 ` [TOMOYO #5 01/18] Add struct vfsmount to struct task_struct penguin-kernel
2007-11-16 17:34 ` [TOMOYO #5 02/18] Add wrapper functions for VFS helper functions penguin-kernel
2007-11-16 17:47 ` Trond Myklebust
2007-11-16 18:20 ` [TOMOYO #5 02/18] Add wrapper functions for VFS helperfunctions Tetsuo Handa
2007-11-16 18:33 ` Trond Myklebust
2007-11-17 4:04 ` [TOMOYO #5 02/18] Add wrapper functions for VFShelperfunctions Tetsuo Handa
2007-11-17 4:46 ` Trond Myklebust
2007-11-17 5:23 ` Tetsuo Handa
2007-11-19 12:53 ` [TOMOYO #5 02/18] Add wrapper functions for VFS helper functions Christoph Hellwig
2007-11-19 13:18 ` Tetsuo Handa
2007-11-16 17:34 ` [TOMOYO #5 03/18] Replace VFS with wrapper functions penguin-kernel
2007-11-16 17:34 ` [TOMOYO #5 04/18] Data structures and prototype defitions penguin-kernel
2007-11-16 17:34 ` [TOMOYO #5 05/18] Memory and pathname management functions penguin-kernel
2007-11-16 17:34 ` [TOMOYO #5 06/18] Utility functions and policy manipulation interface penguin-kernel
2007-11-16 17:34 ` [TOMOYO #5 07/18] Domain transition functions penguin-kernel
2007-11-16 17:34 ` [TOMOYO #5 08/18] Auditing interface penguin-kernel
2007-11-16 17:34 ` [TOMOYO #5 09/18] File access control functions penguin-kernel
2007-11-16 17:34 ` [TOMOYO #5 10/18] argv0 check functions penguin-kernel
2007-11-16 17:34 ` [TOMOYO #5 11/18] Network access control functions penguin-kernel
2007-11-16 17:57 ` YOSHIFUJI Hideaki / 吉藤英明
2007-11-16 18:22 ` Tetsuo Handa
2007-11-16 17:34 ` [TOMOYO #5 12/18] Namespace manipulation " penguin-kernel
2007-11-16 17:34 ` [TOMOYO #5 13/18] Signal " penguin-kernel
2007-11-16 17:34 ` [TOMOYO #5 14/18] Capability access " penguin-kernel
2007-11-16 17:34 ` [TOMOYO #5 15/18] LSM adapter functions penguin-kernel
2007-11-16 17:34 ` [TOMOYO #5 16/18] Conditional permission support penguin-kernel
2007-11-16 17:34 ` [TOMOYO #5 17/18] Kconfig and Makefile penguin-kernel
2007-11-16 17:34 ` [TOMOYO #5 18/18] LSM expansion for TOMOYO Linux penguin-kernel
2007-11-16 19:23 ` Paul Moore
2007-11-17 3:45 ` Tetsuo Handa
2007-11-17 23:09 ` Paul Moore
2007-11-18 4:00 ` Tetsuo Handa
2007-11-19 13:36 ` Paul Moore [this message]
2007-11-19 14:29 ` Tetsuo Handa
2007-11-19 15:39 ` Paul Moore
2007-11-20 0:04 ` Tetsuo Handa
2007-11-20 0:52 ` James Morris
2007-11-20 4:50 ` [PATCH] Add packet filtering based on process\'s security context Tetsuo Handa
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200711190836.12940.paul.moore@hp.com \
--to=paul.moore@hp.com \
--cc=akpm@linux-foundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=penguin-kernel@i-love.sakura.ne.jp \
--cc=takedakn@nttdata.co.jp \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.