From: Casey Schaufler <casey@schaufler-ca.com>
To: "David P. Quigley" <dpquigl@tycho.nsa.gov>
Cc: jmorris@namei.org, selinux@tycho.nsa.gov
Subject: Re: [PATCH 1/2] VFS/Security: Rework inode_getsecurity and callers to return resulting buffer
Date: Fri, 17 Aug 2007 14:21:28 -0700 (PDT) [thread overview]
Message-ID: <874159.25428.qm@web36615.mail.mud.yahoo.com> (raw)
In-Reply-To: <1187380698.24950.50.camel@moss-terrapins.epoch.ncsc.mil>
--- "David P. Quigley" <dpquigl@tycho.nsa.gov> wrote:
> On Fri, 2007-08-17 at 12:37 -0700, Casey Schaufler wrote:
> > --- "David P. Quigley" <dpquigl@tycho.nsa.gov> wrote:
> >
> > > From: David P. Quigley <dpquigl@tycho.nsa.gov>
> > >
> > > This patch modifies the interface to inode_getsecurity to have the
> function
> > > return a buffer containing the security blob and its length via
> parameters
> > > instead of relying on the calling function to give it an appropriately
> sized
> > > buffer. Security blobs obtained with this function should be freed using
> the
> > > release_secctx LSM hook.
> >
> > You are making the assumption that the LSM is going to return a secctx
> > for all possible named attributes. The caller already has to know the
> > name of the interesting attribute, that should imply that the caller
> > has enough information to get the right size for a buffer. I don't think
> > much of interfaces that require you to allocate memory that you're
> > just going to throw away after you glance at the data, especially in
> > the file system lookup path.
>
> Ok sorry I read this a couple of more times and I understand this now.
> Your issue isn't a concern. This is going to be done somewhere for an
> lsm since it has to allocate space to store the information internally
> and then copy it into the buffer provided by getxattr. In your case
> there isn't even an allocation and freeing of data here. In SELinux we
> had to allocate a string to store the converted sid in and then copy it
> up into the buffer internally. Regardless a copy is going to happen the
> question is where.
I checked and indeed everyone who calls this is allocating a
buffer anyway (no one is using the stack) so replacing the
caller allocated buffer with an LSM managed scheme ought not
to be a concern.
> > > This alleviates the problem of the caller having to
> > > guess a length and preallocate a buffer for this function allowing it to
> be
> > > used elsewhere for Labeled NFS. The patch also removed the unused err
> > > parameter. The same conversion is similar to the one used by Al Viro for
> the
> > > security_getprocattr hook.
> >
> > These are very different use frequency cases.
> >
> >
> >
> > Casey Schaufler
> > casey@schaufler-ca.com
>
>
>
Casey Schaufler
casey@schaufler-ca.com
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
next prev parent reply other threads:[~2007-08-17 21:21 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-08-17 17:01 [RFC]Cleanup inode_getsecurity and callers for use with labeled NFS David P. Quigley
2007-08-17 17:01 ` [PATCH 1/2] VFS/Security: Rework inode_getsecurity and callers to return resulting buffer David P. Quigley
2007-08-17 19:37 ` Casey Schaufler
2007-08-17 19:46 ` David P. Quigley
2007-08-17 19:58 ` David P. Quigley
2007-08-17 21:21 ` Casey Schaufler [this message]
2007-08-27 19:05 ` David P. Quigley
2007-08-27 19:51 ` Casey Schaufler
2007-08-17 17:01 ` [PATCH 2/2] VFS: Reorder vfs_getxattr to avoid unnecessary calls to the LSM David P. Quigley
-- strict thread matches above, loose matches on Subject: below --
2007-10-22 19:06 [RFC 0/2] getsecurity/vfs_getxattr cleanup David P. Quigley
2007-10-22 19:10 ` [PATCH 1/2] VFS/Security: Rework inode_getsecurity and callers to return resulting buffer David P. Quigley
2007-10-23 23:38 ` James Morris
2007-10-26 0:02 ` Serge E. Hallyn
2007-10-26 14:50 ` David P. Quigley
2007-10-26 15:02 ` Serge E. Hallyn
2007-10-26 15:04 ` Stephen Smalley
2007-10-26 15:35 ` Serge E. Hallyn
2007-10-26 15:13 ` David P. Quigley
2007-10-26 15:20 ` David P. Quigley
2007-10-26 15:54 ` David P. Quigley
2007-10-26 16:36 ` Serge E. Hallyn
2007-10-26 17:36 ` David P. Quigley
2007-10-26 15:07 ` Serge E. Hallyn
2007-10-26 15:16 ` David P. Quigley
2007-10-26 22:14 ` James Morris
2007-10-31 20:55 ` David P. Quigley
2007-11-01 3:56 ` James Morris
2007-11-01 14:35 [PATCH 0/2] getsecurity/vfs_getxattr cleanup V2 David P. Quigley
2007-11-01 14:40 ` [PATCH 1/2] VFS/Security: Rework inode_getsecurity and callers to return resulting buffer David P. Quigley
2007-11-01 20:58 ` James Morris
2007-11-01 22:43 ` Serge E. Hallyn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=874159.25428.qm@web36615.mail.mud.yahoo.com \
--to=casey@schaufler-ca.com \
--cc=dpquigl@tycho.nsa.gov \
--cc=jmorris@namei.org \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.